Let’s observe responsibilities of Cloud-native technology security & shifts security responsibility across teams
Even if an organization's security is confident, IT decision makers and developers must improve alignment on who owns policy, compliance, and cloud security responsibilities in order to ensure smooth operations. Here's where they stand right now:
Defining policies that control how cloud applications are secured and managed:
• 21% of developers believe IT Infrastructure and Operations Teams are to bear responsibility.
• 45 %of IT executives believe it is the IT Infrastructure and Operations Team.
Proving that applications are compliant internally:
• 22% of developers believe that IT Infrastructure and Ops teams are responsible
•41% of IT decision makers believe that IT Infrastructure and Ops teams are responsible
Meeting and proving compliance to external auditors:
•42% of developers said it is the security teams’ job
•25% of IT decision makers believe it is the security team’s job
With organizations raising their assets in cloud-native and open-source technologies, it's essential that security teams should be aligned. We are witnessing first-hand in our community the changing dynamics of security and policy, particularly with new trends such as shift left, everything-as-code, and Developments. While it's encouraging to see developers and IT decision-makers agree on the significance of cloud-native security, they must take a more unified approach.
Additional findings
Cloud-native and open-source adoption leads to different challenges such as -
•63% of IT decision makers believe that training employees to use cloud-native and open-source tools is the biggest challenge ahead
•70% of developers believe onboarding each piece of new technology and phasing out old technology is the biggest challenge
IT decision makers and developers have different priorities in mind:
• Developers believe that migrating legacy applications to the cloud (67%) and structuring production, customer facing cloud applications (66%) should be prioritized.
• IT decision makers differ slightly, with 77% believing that improving data privacy security measures (77%) and then migrating legacy applications to the cloud (59%), should be prioritized.
• Both parties (IT leaders 57 percent, developers 65 percent) believe that developing a proof-of-concept cloud application should come third.
Summing up -
These findings demonstrate that IT decision makers and developers must collaborate as they accelerate the adoption of open-source and cloud-native tools.