A survey of more than 400 security practitioners published by FireMon, a provider of management tools for network security, has found a surprisingly significant amount of progress is being made regarding adoption of best DevSecOps processes.
According to the survey results, 44 percent of respondents report DevOps has had a positive impact on security operations. Nearly 50 percent of respondents said they were either best of friends with the DevOps teams in their organization or part of the team.
Despite those advances, however, 60 percent of respondents said deployment of their business services in the cloud has accelerated beyond their ability to secure them adequately in a timely manner. The top three specific challenges associated with achieving cloud security are lack of visibility (15 percent), lack of training (15 percent) and lack of control (14 percent).
The real challenge is keeping up with the rate at which application workloads are being deployed in the cloud. More than half the respondents (52 percent) said their security teams consists of 10 or fewer people. A total of 58 percent said their organization today spends less than 25 percent of their total security budget on the cloud.
The survey makes it clear that cloud security will only become more problematic. Half of respondent (50 percent) have two or more different clouds deployed, while 40 percent have a hybrid cloud environment. Another 23 percent have two or more different clouds in a proof-of-concept stage or are planning to employ another cloud platform in the next 12 months. The biggest challenges implementing cybersecurity across multiple clouds are lack of integration across tools (15 percent), lack of qualified personnel and training (15 percent), lack of centralized view (14 percent) and having too many tools (14 percent).
Tim Woods, vice president of technology alliances for FireMon, said cybersecurity teams will have to find ways to automate the applying security controls across multiple clouds simultaneously, given the inherent challenges associated with securing multiple clouds. Each cloud today has its own unique security framework. But managing all those frameworks in isolation is not likely to be sustainable, given the perennial shortage of cybersecurity expertise, said Woods. The FireMon survey finds more than half of respondents (54 percent) are being tasked with managing both on-premises and cloud security. But only 28 percent of respondents said they have cybersecurity tools that work across multiple environments and 59 percent rely on two or more types of firewalls to secure their environments.
Put it together and it becomes apparent that most organizations are on the cusp of a new era of cybersecurity. The attack surfaces that need to be defended have expanded in the age of the cloud. Unfortunately, there has not been a corresponding increase in the size of the cybersecurity teams charged with securing those platforms. In effect, cybersecurity teams need to do more with at least the same amount of resources—or, sometimes even less.
It remains to be seen how many organizations will be able to rise to meet that cybersecurity challenge. But for those that can’t rise to meet that challenge it’s a matter of time before the worst happens.