Cloud-native adoption shifts security responsibility across teams
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys.
As organizations increase adoption, the report outlines why developers and IT decision-makers need a unified approach in addressing security and compliance.
Styra surveyed 350 IT decision-makers and 350 developers that work with cloud-native environments to learn how they view their responsibilities when contributing to digital transformations at their organizations.
Having a unified approach between IT decision makers and developers during the transition to cloud-native is paramount to making internal processes and innovation more efficient.
According to the findings, cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organizations plan to expand use over the next 12 months. With this increase in use comes a greater need for security due to rising compliance regulations and ever-evolving cyberattacks.
Both parties stated that they have high confidence in their organizations’ ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers rating their abilities as strong.
Cloud-native technology security responsibilities
Even with confidence in an organization’s security, IT decision makers and developers need to increase alignment on who owns policy, compliance and cloud security responsibilities in order to make operations seamless. Here is where they currently stand:
Defining policies that control how cloud applications are secured and managed:
- 21% of developers believe IT Infrastructure and Ops Team teams are responsible
- 45% of IT leaders believe its the IT Infrastructure and Ops Team
Proving that applications are compliant internally:
- 22% of developers believe that IT Infrastructure and Ops teams are responsible
- 41% of IT decision makers believe that IT Infrastructure and Ops teams are responsible
Meeting and proving compliance to external auditors:
- 42% of developers said it is the security teams’ job
- 25% of IT decision makers believe it is the security team’s job
“With organizations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” said Tim Hinrichs, CTO at Styra.
“We’re seeing firsthand in our community the changing dynamics around security and policy, especially with new trends like shift left, everything-as-code and DevSecOps. While it’s great to see both developers and IT decision-makers aligned around the importance of cloud-native security, they need to start looking at it with a unified approach.”
Additional findings
Cloud-native and open-source adoption leads to different challenges:
- Over the next 12 months, 63% of IT decision makers believe training employees to use cloud-native and open-source tools is the biggest challenge
- Over the next 12 months, 70% of developers believe onboarding each piece of new technology and phasing out old technology is the biggest challenge
IT decision makers and developers have different priorities in mind:
- Developers believe migrating legacy applications to the cloud (67%) and building production, customer-facing cloud applications (66%) should come first
- IT decision makers slightly differ, believing enhancing data privacy security measures (77%) and then migrating legacy applications to the cloud (59%) should be prioritized
- Both parties (IT leaders – 57%, developers – 65%) believe building a proof-of-concept application in the cloud should come third
“These findings prove that IT decision makers and developers need to work together as they take on accelerated adoption of open-source and cloud-native tools,” said Hinrichs.