- Organizations are deploying cloud-native code more frequently than a year ago, sometimes neglecting security requirements in critical stages of the development process.
- Two-thirds of enterprises are deploying code more often and nearly 2 in 5 deploy code to production daily, according to “The State of Cloud-Native Security” report released Tuesday by Palo Alto Networks. Nearly 1 in 5 organizations are deploying code multiple times a day.
- This escalation in new code released comes as organizations operate with an average of 10 developers for every security professional on staff, highlighting inefficiencies and pressure in the DevOps process.
The report’s findings underscore how priorities and development operations are misaligned, a tension that is at odds with the Biden administration’s “secure by design” national cyber strategy.
The pace of code deployments is “an incredible rate for security teams to keep up with,” Charles Goldberg, senior director of product marketing at Palo Alto Networks, said via email.
“Like the adage says, seat belts in cars allow drivers to go faster safely. It’s the same in organizations —they can only build and deploy new applications quickly if they are safe,” Goldberg said. “If not, they will be exploited in production and it will take developers a lot more time to fix —reducing their speed in writing new code.”
The imbalance between developers and security professionals on staff spotlights a disconnect between these business functions and objectives. More than 3 in 4 respondents said developers are held accountable for writing insecure code, though security is not their primary responsibility.
“Ultimately, security teams are caught between responding to app teams and securing an increasingly complex cloud environment comprising multiple layers in the cloud stack,” the report said.
New risks are emerging as vulnerabilities and misconfigurations reach live products and end-user systems, according to the report.
Risks introduced early in the application development process was the top concern shared by respondents pertaining to cloud-native security incidents.
The survey included responses from 2,500 executives, IT leaders, developers and security practitioners in the U.S., Japan, Germany, the U.K., France, Singapore and Australia between Nov. 21 and Dec. 14, 2022. Palo Alto Networks commissioned The Fossicker Group to help with the survey and report.