
Developers, IT decision-makers out of sync when it comes to who owns cloud security

IT decision-makers and developers disagree on which teams should be responsible for policies and compliance. Pictured: A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise in 2021. (Petty Officer 2nd Class Hunter Medley/Coast Guard)

New research this week from Styra found that while 97% of IT decision-makers and 96% of developers rate their ability to manage security for cloud apps as “strong,” they were not perfectly aligned when it comes to who owns policy, compliance and cloud security responsibilities.

The survey found that 21% of developers believe that IT infrastructure and Ops teams are responsible for defining policies, while 45% of IT leaders hold that view. And when it comes to proving internally that apps are compliant, 22% of developers believe that IT infrastructure and Ops teams are responsible, compared with 41% of IT decision-makers.

On the issue of meeting and proving compliance to external auditors, 42% of developers say it’s the security team’s job, compared with 25% of IT decision-makers.

“With organizations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” said Tim Hinrichs, co-founder and CTO at Styra. “While it’s great to see both developers and IT decision-makers aligned around the importance of cloud-native security, they need to start looking at it with a unified approach.”

Mike Parkin, technical engineer at Vulcan Cyber, said the Styra report pointed out that a lot of organizations have some discrepancy in which group owns security between the security, development, and infrastructure teams.

“This means a lot of organizations miss the point that security ultimately belongs to everyone,” Parkin said. “Specific functions may require different skills and access, which makes for some obvious divisions of labor, but there still needs to be clear processes and communication across the silos. Working across silos to keep the organization secure is vital, and only becomes more important with the move to cloud migrations.”
