State of Cloud Native Application Security Report More security responsibility for developers?
What influence do cloud-native technologies have on application security? Snyk, a provider specializing in container and cloud native security, has addressed this question.
Companies on the topic
According to Snyk, developers are willing and willing to take on more responsibility for security.
(© AndSus – stock.adobe.com)
Snyk’s Cloud Native Application Security Report paints a new reality for developers and security staff. Thus, the key to modern, successful security strategies is to put the developer at the center and embed security throughout the entire life cycle of software development.
Since the introduction of Cloud Native, security concerns have increased in almost 60 percent of respondents, writes Snyk. This, in turn, has led to a shift in the perceived security responsibility: more than a third of developers consider themselves jointly responsible for the security of their cloud native environments. However, only one in ten respondents in security-relevant roles believes this.
Snyk president and co-founder Guy Podjarny points out that development teams are willing and willing to take on more responsibility for security: “It’s now up to the security departments to embrace this change, support their fellow developers, and in turn develop their own traditional roles and responsibilities.“
When asked which problems are the biggest cause for concern, more than half of the respondents answered with potential misconfigurations. These concerns are not unjustified, since misconfigurations (45 percent) before unpatched vulnerabilities (38 percent) are actually responsible for most security incidents in the cloud native environments studied.
Automation boosts the ability to test more frequently, according to the survey: nearly 70 percent of respondents with a high degree of deployment automation were able to test their security on a daily basis. This is 17 times more than for those without deployment automation, where six out of ten respondents only test their security on a monthly basis.
In companies with a high degree of automation, 72 percent of participants reported that vulnerabilities are fixed in less than a week. More than a third of respondents (36 percent) even report an average patch time of one day or less.
For companies with a high degree of automation, the probability that security issues will be resolved within a day is more than four times as high, and the probability that they will be resolved within a week is more than twice as high.
The full State of Cloud Native Application Security report can be found on the Snyk website.