DevOps security has not caught up
Limited Time Offer!
For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!
Source – networksasia.net
With the world’s fourth-largest internet population, Southeast Asia has in recent years become an attractive target for cybercriminals, their task made simpler by an underdeveloped system of data protection laws and weak adoption of cybersecurity best practices.
The pace of innovation and rapid adoption of new technologies such as cloud and DevOps also pose further vulnerabilities for Southeast Asia.
DevOps is the future, but organizations are not future-proof
While seventy (70) percent state their organization plan to – or already have – implement DevOps as a way of working, DevOps security has not caught up, according to the findings of a survey conducted by CyberArk at the annual security professionals’ conference RSA.
This leaves a large majority of organizations unprepared for the security obstacles brought about by DevOps.
The study also revealed that two in three organizations (66 percent) believe that DevOps presents new security obstacles, with forty-seven (47) percent showing concern that these obstacles are not fully understood as yet.
Despite the clear security concerns, DevOps teams are not working with security teams. Only thirty-eight (38) percent of organizations that have a DevOps team report that this team and its processes are fully integrated with the security practice.
Forty-six percent of organizations that have a DevOps team only involve the security team at the end of each development cycle. This can potentially mean robust security practices and features are not fully adopted at the development phase. Organizations can be vulnerable until these gaps are addressed.
More attention to cloud security, but improvements are needed
One in three organizations (33 percent) have implemented a mix of third party / public cloud vendor security solutions to secure their cloud applications.
Thirteen (13) percent rely solely on the public cloud vendor’s built-in security, which can pose as a danger as the organization does not have a view of their credentials’ security and are dependent on a third party security control features. Even more worryingly fourteen (14) percent are still in the planning / implementing stage of their cloud security strategy.
A third (33%) do not secure, rotate, control and monitor access to the privileged passwords used to authenticate to the management console. This poses a danger to the accounts being exploited or compromised as there is no visibility on the access and security of these privileged accounts.
On the Radar: Strengthened focus on cybersecurity strategy
The recent NotPetya and WannaCry ransomware attacks have pushed 3 in 5 organizations (61 percent) to rethink their endpoint security strategy. Security is now a top-level board consideration at 4 out of 5 organizations (78 percent).
The recently announced Singapore Cybersecurity Bill is seen as a good initiative with 50 percent of respondents fully supporting its aims.