As firms move applications to microservices environments, cyber risks grow
While organizations shift their applications to microservices environments, the responsibility for securing these environments is shifting as well, and this is likely exposing organizations to more security risks, according to a report by research firm Enterprise Management Associates.
For the study, commissioned by security provider Radware, EMA conducted a global, online survey of 278 executives and senior IT professionals in July 2019. The report found that the rapid expansion of the development security operations (DevSecOps) role has changed how companies address their security posture, with about 70 percent of survey respondents saying the CISO was not the top influencer in deciding on security software policy, tools, and/or implementation.
This shift has likely exposed companies to a broader range of security risks and gaps in protection, the report said. In fact, 90 percent of respondents reported they had experienced data breaches within the past 12 months, and 53 percent think cloud data or application data exposures resulted from misunderstandings of security responsibility with their cloud provider.
Organizations are adjusting roles and responsibilities to cope with both the agility and security requirements that accompany new environments. More than 90 percent of respondents reported that their organizations have DevOps or DevSecOps teams.
These teams are relatively new, with only 21 percent of respondents reporting that they’ve had DevSecOps teams in place for longer than 24 months.
The report showed that application attacks are a constant threat. The breadth of attacks respondents experienced daily included access violations, SQL injections, denial-of-service, protocol attacks and cross-site scripting.