The majority of European and Middle East cybersecurity professionals at organisations using DevOps practices in the public cloud believe their organisations are trading speed for security.
In a newly published cloud security study commissioned by global security leader, Palo Alto Networks, 72% of cybersecurity professionals indicated that the speed of public cloud adoption is introducing preventable security risks to software updates.
The DevOps model increases collaboration between development and operations teams, allowing for a fast-paced approach to application creation and enhancement.
Organisations have adopted this model to achieve faster application delivery, enhanced innovation, more stable operating environments, and performance-focused employee teams.
Yet, as the DevOps model is enthusiastically embraced, the survey findings indicate that cybersecurity is being overlooked and organisations may be vulnerable as a result.
Most notably there is concern among cybersecurity professionals about whether cybersecurity can match the speed and frequency of how DevOps updates apps and services in the public cloud. Only 47% of survey respondents indicated that they are confident that cybersecurity is working well for DevOps teams operating in the public cloud.
DevOps development in the cloud
Furthermore, only 22% of cybersecurity professionals said they had a firm grasp on the risks and needs that come with securing DevOps-operated environments in the cloud and nearly three-quarters of respondents reported that their organisations have either fully or partly adopted DevOps development in the public cloud. They are regularly deploying and changing software, with 1 in 5 doing many updates on a weekly basis.
Greg Day, CSO (EMEA), Palo Alto Networks, comments: “DevOps is proven to deliver strong results. Rapid delivery of code, infrastructure and data enables organisations to meet the needs of their customers faster than ever and stay ahead of their competition.
“However, too often, the speed and complexity of delivery have resulted in traditional cybersecurity processes failing to complete even rudimentary checks and controls at the same rapid pace, resulting in unnecessary risks. Indeed, we see over half failing to meet basic password management policies.”
Day also notes that organisations won’t wait for security teams to catch up, so they must leverage native integration points and automate their cybersecurity capabilities to address the continuous and real-time visibility and governance needed to keep pace with DevOps practices.
Written from press release by Leah Alger