Don’t use CFTs? The researchers also found that 22% of all Terraform files contained at least one insecure configuration. Bottom line: DevOps teams are using IaC and other forms of automation to scale. Proof point: In the Spring 2020 Cloud Threat Report, Unit 42 researchers found that 42% of all CloudFormation (CFT) files contained at least one insecure configuration. This is where security automation comes in. The downside is that if you create a template with a misconfiguration (like exposing a sensitive service to the entire internet), you also recreate that vulnerability every time the template is used. Each time, you’ll get the same environment. The beauty is that once you’ve defined the architecture of your application in an IaC template, you can reuse it an unlimited number of times. For the uninitiated, IaC templates replace the manual process of creating cloud infrastructure. One way to achieve this is by utilizing Infrastructure as Code (IaC) templates. We have a numbers problem. DevOps teams make heavy use of automation because it allows them to scale without proportional headcount. (ISC)² found only 2.8 million cybersecurity professionals worldwide. Here’s the truth: even in the most well-resourced security teams, this will almost certainly continue to be the case – as long as security teams remain under-invested in automation. According to the Cloud Native Computing Foundation, there are an estimated 4.7 million cloud native developers around the globe. It seems that no matter how many people and tools they try to throw at the problem of securing their organizations, DevOps projects always grow disproportionately faster. Security professionals often tell me they are unable to scale. By contrast, 21% of the least-prepared companies have embedded security in DevOps. The survey found that 45% of the companies we rated highly prepared have embedded security into DevOps processes.
There are three interesting parallels I’ve found with this survey when compared to our threat research (which provides a view into what organizations actually put into practice). We dug deep into the State of Cloud Native Security. How has this move to cloud native impacted the risk to organizations? We recently explored that question in an industry-first survey (which provides a view into what people think) of over 3,000 professionals. This is the complete opposite of "lift and shift." My personal definition goes something like this: An application is cloud native when it is crafted from day one to organically make use of API-driven platforms.