Cloud Security, DevSecOps, Network Security

Security is the top challenge to cloud-native development, IT pros say

A security logo is shown on screen during a keynote address at the Consumer Electronics Show on Jan. 7, 2016, in Las Vegas. (Photo by Ethan Miller/Getty Images)

Tigera on Wednesday released a report that found some 96% of companies surveyed say that cloud-native application challenges are leading to slower deployment cycles — and that 67% cited security as the top challenge.

The report also found that while 75% of companies are focusing development on cloud-native applications, the increased development and deployment of cloud-native apps has also created the need for more advanced observability and security capabilities.

"Organizations are only just beginning to unlock the potential of cloud-native applications," said Ratan Tipirneni, president and CEO at Tigera. "At the same time, these innovations have created unforeseen challenges as evidenced by the majority of IT professionals naming security as a top challenge when it comes to cloud-native application deployment cycles. 

Cloud-native application development has rapidly become the "the norm" for software development and lets teams quickly and easily take full advantage of the features and scale that the cloud providers offer, said Mark Lambert, vice president of products at ArmorCode.

“The challenge is that teams are moving fast and furious into this new world and traditional organizational processes and structures don't scale to meet the needs,” said Lambert. “Nowhere is this more visible than with application security, where AppSec teams are overwhelmed with findings, alerts and vulnerabilities, and struggling to keep up with the pace of development. And this AppSec chaos results in unmanaged risk in production environments. For organizations to be successful with cloud native projects they also need to operationalize practices, such as Application Security, across their teams.”

In the public cloud, developers and DevOps run the show, said Vishal Jain, co-founder and CTO at Valtix. Jain said the industry needs to modernize security controls with dev-friendly grammar that operates at the speed of DevOps. He said with the variety of app approaches (containers, VMs, PaaS, serverless) many of the controls that sit closer to the app are fragmented.

“Once again, the network is the common ground and should be the foundation for any approach to securing cloud-native applications,” Jain said. “Some problems like egress security, lateral movement, and layered defenses have changed in the cloud. A new problem that desperately needs solving is that security efforts need complete visibility of a very dynamic environment — applications, networking and traffic patterns — to effectively place controls. Security teams must work with developers and DevOps to implement defenses, solve new problems, and still move at the speed of the cloud.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.