Cloud Threat Report Shows Need for Consistent DevSecOps

Organizations continue to make choices for the sake of speed in innovation, which can leave them unnecessarily vulnerable.

1 Min Read
Abstract technology background. Security concept with padlock icon
Getty Images

Developers might feel pressure to deploy in a hurry, yet skimping on security to save time can open the door to persistent risks. The findings of the latest Cloud Threat Report released by Unit 42 point to a rather unfortunate marriage of fast-moving, competitive strategies and lax attention to security policy. Unit 42 is the threat intelligence unit of cybersecurity provider Palo Alto Networks.

The necessity for robust security may seem all but academic as organizations migrate more workloads to the cloud. The trouble is those same organizations are driven by the need to stay ahead of their rivals, which can lead to exposure, says Matthew Chiodi, chief security officer for public cloud at Palo Alto Networks. “In our previous report, released last July, one of the big things we found was that 65% of publicly disclosed cloud security incidents were the result of customer misconfigurations,” he says. The latest report, he says, aims to address why the rate was so high.

Traditional, on-prem data centers might report fewer security incidents, Chiodi says, in part because of extensive change management and control. “To make a change in those environments, you typically have to go through multiple approvals,” he says. Such protocols might be relaxed in the cloud because of a continuous need to be relevant and stay ahead of the competition, Chiodi says. “CEOs are prioritizing growth and speed of innovation over cost. That push has caused DevOps teams to look for ways they can move quicker and push out apps faster.”

Read the full article. 

Read more about:

DevSecOpsInformationWeek

About the Authors

Joao-Pierre S. Ruth

Senior writer, InformationWeek

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism. He first covered local industries in New Jersey and later became the New York editor for Xconomy, where he delved into the city's tech startup community. He also freelanced for such outlets as TheStreet, Investopedia and Street Fight. Joao-Pierre earned his bachelor's in English from Rutgers University. 

InformationWeek

InformationWeek, a sister site to ITPro Today, is a trusted source for CIOs and IT leaders seeking comprehensive and authentic coverage of the constantly evolving world of technology and its impact on business. Our experienced and ethical journalists conduct in-depth examinations of crucial issues and the impact of global events on IT operations and strategies, helping forward-thinking executives stay at the forefront of their industries. InformationWeek also provides a platform for enterprise IT leaders and leading tech companies to share their insights and experiences through exclusive interviews, opinion pieces, and events, offering firsthand accounts of strategies, trends, and innovations.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like