Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents


Over half of organizations have suffered a security incident due to misconfiguration or a known vulnerability in their cloud native applications, according to new research from Snyk.

The open source security firm’s first-ever State of Cloud Native Application Security Report revealed that adoption of cloud native techniques is soaring, with over 78% of production workloads now deployed as containers or serverless applications.

However, this comes with its own risks: 60% of developers have had increased security concerns since going cloud native, the report claimed.

Misconfiguration (45%) and known unpatched bugs (38%) were the most commonly experienced security incidents, with misconfiguration (58%) and insecure APIs (52%) topping the list of respondents’ concerns.

“Cloud native platforms utilizing automated tooling rely on credentials such as secrets and API tokens in order to operate, necessitating a more decentralized approach to managing such access,” the report noted. “The need for effective management of these kinds of artifacts is a key differentiator from the more centralized pre-cloud era, and a major area of concern for operations teams transforming their infrastructure.”

On the plus side, Snyk also revealed that developers are becoming increasingly invested in matters of cybersecurity.

Although less than 10% of respondents in security roles said they thought developers were responsible for the security of their cloud native environment and applications, over 36% of developers claimed that they were.

Automation is the key to improving security during the development lifecycle, the report also found.

With fully automated pipelines in place, regular security testing appears to become easier. Respondents with high levels of deployment automation were more than twice as likely to have adopted security testing at all points throughout the software development lifecycle as those with no automation.

Plus, nearly 70% of these respondents with high levels of deployment automation were able to test their security daily or more frequently. That’s 17 times more than respondents who had no deployment automation, according to Snyk.


