A padlock on a keyboard.
Cloud-native adoption shifts security responsibilities across teams

Duncan is an award-winning editor with more than 20 years experience in journalism. Having launched his tech journalism career as editor of Arabian Computer News in Dubai, he has since edited an array of tech and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.

Cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organisations plan to expand use over the next 12 months.

With this increase in use comes a greater need for security due to rising compliance regulations and ever-evolving cyberattacks. Both parties stated that they have high confidence in their organisations’ ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers rating their abilities as strong.

This is according to a study by Styra, the creator and maintainer of Open Policy Agent (OPA) and specialist in cloud-native authorisation. Its ‘2022 Cloud-Native Alignment Report’ explores how in sync, or misaligned, IT decision-makers and developers are when it comes to cloud-native technology use and security during their digital transformation journeys. As organisations increase adoption, the report outlines why developers and IT decision-makers need a unified approach in addressing security and compliance.

Styra surveyed 350 IT decision-makers and 350 developers that work with cloud-native environments to learn how they view their responsibilities when contributing to digital transformations at their organisations. Having a unified approach between IT decision makers and developers during the transition to cloud-native is paramount to making internal processes and innovation more efficient. Styra conducted this survey to see how coordinated the two groups are, and to understand where disconnects create challenges for an organisation’s success.

Even with confidence in an organisation’s security, IT decision makers and developers need to increase alignment on who owns policy, compliance and cloud security responsibilities in order to make operations seamless. Here is where they currently stand:
● Defining policies that control how cloud applications are secured and managed:
○ 21% of developers believe IT Infrastructure and Ops Team teams are responsible
○ 45% of IT leaders believe its the IT Infrastructure and Ops Team
● Proving that applications are compliant internally:
○ 22% of developers believe that IT Infrastructure and Ops teams are responsible
○ 41% of IT decision makers believe that IT Infrastructure and Ops teams are responsible
● Meeting and proving compliance to external auditors:
○ 42% of developers said it is the security teams’ job
○ 25% of IT decision makers believe it is the security team’s job

“With organisations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” said Tim Hinrichs, co-founder and CTO at Styra. “As the creators of Open Policy Agent and leaders in cloud-native authorisation, we’re seeing firsthand in our community the changing dynamics around security and policy, especially with new trends like ‘shift left,’ ‘everything-as-code’ and ‘DevSecOps.’ While it’s great to see both developers and IT decision-makers aligned around the importance of cloud-native security, they need to start looking at it with a unified approach.”

Additional findings in the “2022 Cloud-Native Alignment Report” include:
● Cloud-native and open-source adoption leads to different challenges:
○ Over the next 12 months, 63% of IT decision makers believe training employees to use cloud-native and open-source tools is the biggest challenge
○ Over the next 12 months, 70% of developers believe onboarding each piece of new technology and phasing out old technology is the biggest challenge
● IT decision makers and developers have different priorities in mind:
○ Developers believe migrating legacy applications to the cloud (67%) and building production, customer-facing cloud applications (66%) should come first
○ IT decision makers slightly differ, believing enhancing data privacy security measures (77%) and then migrating legacy applications to the cloud (59%) should be prioritized
○ Both parties (IT leaders – 57%, developers – 65%) believe building a proof-of-concept application in the cloud should come third

“These findings prove that IT decision makers and developers need to work together as they take on accelerated adoption of open-source and cloud-native tools,” said Hinrichs. “With Open Policy Agent and policy management systems like Styra DAS, teams can get on the same page and streamline their efforts when it comes to security in cloud-native and open source environments. Doing so now will ensure organisations are setting themselves up for success now and well into the future.”

Want to learn more about cloud and cyber security from industry leaders? Check out Cyber Security & Cloud Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022. 

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: cloud native, open source, Security

Posted by Contributor