If organisations are not careful, pressures imposed on DevOps teams can compromise application and data security in cloud environments, writes Haim Zelikovsky
In the next three years, public, private and hybrid cloud adoption will drive roughly 25 percent of the growth in the software as a service ‘SaaS’ market. Without the cloud, SaaS can’t mature – and without SaaS, companies won’t reap the rewards that the cloud offers. But as the variety of SaaS apps in organisations’ cloud footprints rises, they need to be aware of the risks.
Data and application security is one of the most commonly cited concerns when it comes to cloud deployment, to the extent that three in every five c-level execs say they are concerned about vulnerabilities in their cloud environment. A third report applications being attacked on a daily or even hourly basis.
SaaS-based web, mobile, or custom-made apps all work on different platforms, making frameworks difficult to secure. It’s hard managing all the APIs needed to automate and sync tools, which is of course where the risk comes from. The greater the number of apps, the broader the attack surface and, therefore, the more vulnerable organisations become.
And as we know from the constant stream of phone updates we receive from service providers, applications are always changing. Keeping up to date with evolving security policies is never easy, but is especially hard in a large cloud environment. Yet, failure to adopt changes puts the organisation and customers at further risk.
It’s not just technology that complicates cloud security. Two thirds of execs say the reason they are facing so many security risks is because of sloppy credentials management in DevOps environments.
According to recent Radware research, the most common cause of unauthorised access to cloud assets is when employees neglect credentials in public development forums. Employees also often leave the door open to hackers, due to configuration errors or by granting access to employees who practice low security hygiene.
Agile or fragile?
We’ve arrived at a situation where cloud environments make it very easy to grant access permissions yet very difficult to keep track of who has them.
Much of this has to do with the demands of business, and in particular satisfying customer demand, maintaining loyalty and retaining and growing market share. With customer demands constantly changing and expectations always growing, so development teams are continually under pressure to quickly roll out new enhancements.