Cloud-native and open source are booming with IT decision makers (97%) and developers (96%) saying that their organizations plan to expand their use over the next 12 months.
With this increase in usage, the need for security is increasing due to increasing compliance regulations and growing cyber attacks. Both parties stated that they have high confidence in their organization’s ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers rating their capabilities as strong.
This is according to a study by Styra, creator and maintainer of the Open Policy Agent (OPA) and expert on cloud root authorization. The ‘Cloud Root Link Report 2022’ explores how synchronised or skewed developers and IT decision makers are when it comes to using and securing cloud-based technology in their digital transformation journey. As organizations ramp up adoption, the report points to why IT developers and decision makers need a unified approach in solving security and compliance issues.
Styra surveyed 350 IT decision-makers and 350 developers working with a cloud-based environment to learn how they see their responsibility for contributing to digital transformation at their organization. Having a unified approach between IT decision makers and developers during the transition to cloud-native is paramount to making internal processes and innovation more efficient. Styra conducted this survey to see how the two groups coordinate and to understand where disconnection creates challenges for the organization’s success.
Even when confident in an organization’s security capabilities, IT developers and decision makers need to strengthen consistency on policy owners, compliance, and cloud security responsibilities to help keep operations seamless. Here’s where they are now:
Identify policies that control how cloud applications are secured and managed:
21% of developers believe that the IT Infrastructure team and the Task Force are responsible
45% of IT leaders believe their IT operations team and IT infrastructure
Demonstrate that applications comply internally:
22% of developers believe the It Infrastructure and Operations team is responsible
41% of IT decision-makers believe the It Infrastructure and Operations team is responsible
Meet and demonstrate compliance with external assessors:
42% of developers say this is the work of security teams
25% of IT decision-makers believe it’s the job of the security team
Tim Hinrichs, co-founder and CTO at Styra, said: “With organisations increasing their investments in open source and cloud-based technologies, it’s important for teams to fit together when it comes to security.” “As the creators of Open Policy Agents and leaders in the field of cloud-based authorization, we are seeing firsthand in our community the changing dynamics around policy and security, especially with new trends such as ‘shift left’, ‘everything-as-code’ and ‘DevSecOps.’ While it’s great to see both developers and IT decision makers align with the importance of cloud-based security, they need to start looking at it with a unified approach. ”
Additional findings in the “Cloud Platform Link Report 2022” include:
The adoption of open source and origin in the cloud leads to various challenges:
Over the next 12 months, 63% of IT decision makers believe that training employees to use open source and cloud-based tools is the biggest challenge.
Over the next 12 months, 70% of developers believe that integrating each new technology and phasing out the old one is the biggest challenge.
IT developers and decision makers have different priorities:
Developers believe that moving older applications to the cloud (67%) and building production, customer-oriented cloud applications (66%) should be a top priority.IT planners are slightly different, believing that strengthening data privacy security measures (77%) and then moving legacy applications to the cloud (59%) should be a priority.
Both parties (IT leaders – 57%, developers – 65%) believe that building a proof-of-concept application in the cloud should come third
“These findings demonstrate that decision makers and IT developers need to work together as they quickly adopt open source and cloud-based tools,” Hinrichs said. With Open Policy Agent and policy management systems like Styra DAS, teams can access the same page and streamline their efforts when it comes to security in open source and open source environments in the cloud. Doing so now will ensure organizations are setting themselves up to achieve success now and good in the future. “