- Just 18% of organizations say their application development and delivery aligns with their network security operations, according to a FireMon survey released last week. The survey is based on responses from 500 IT security leaders in organizations with at least 1,000 employees.
- Two-thirds of respondents said existing friction between security and development is the primary risk for product deployments and downtime. Just over half of respondents cited slower application deployment as a risk factor.
- In response to remote work challenges, 44% of IT security leaders said they are slightly accelerating their transition to the cloud to offset network security challenges. Only 4% said they are halting their cloud projects.
Accelerating cloud adoptions is one of the primary areas of focus for network security. CISOs and security leaders can reclaim management attention to products and enterprise security with the cloud, said Moudy Elbayadi, SVP and CTO of Shutterfly, during an industry roundtable Thursday. Management attention is "actually more valuable than anything else."
With the cloud taking over hardware and infrastructure security responsibilities, it frees the company purchasing cloud services to focus on application and software security. Having the company in a public cloud, Elbayadi is "always a little bit giddy" when there's an F5 vulnerability he doesn't have to deal with in-house, he said.
The cloud can alleviate energy required for patching hardware, but it can still add complexity to a company's security strategy. The cloud unburdens security operations centers to a certain extent, allowing them to focus on the products they develop and customer data companies house.
Five years after announcing its cloud strategy built on Amazon Web Services, Capital One closed its final data center on schedule last year. Though Capital One was an early widespread cloud adopter, its 2019 breach is seen as an attack that could happen to any company, at any time.
"Cloud services were getting wide adoption at the time of the breach. Such services have hundreds or sometimes thousands of configuration parameters. With so many parameters, it may be near impossible for [configurations] to all be set correctly," Neil Daswani, co-director of Stanford Online's Advanced Cybersecurity Certificate Program, and former CISO for Symantec CBU and LifeLock, wrote in the book he co-authored, "Big Breaches: Cybersecurity Lessons for Everyone."