end-point
ANALYSIS
CLOUD-NATIVE APPLICATIONS REQUIRE A SECURITY-FIRST MINDSET
Joe Byrne , CTO Advisor , Cisco AppDynamics , discusses the growing cybersecurity challenges in modern application environments , particularly in Kubernetes , due to rapid development prioritising speed over security .
It ’ s no coincidence that as the shift to modern application is increasing , so is the number of security incidents . A study from Red Hat found that the majority ( 93 %) of businesses have experienced at least one security incident in their Kubernetes environments in the past 12 months .
For a third of these organisations ( 31 %), the result has been financial or customer losses . Because many Kubernetes clusters are openly accessible and unprotected , organisations in their quest to becoming ‘ cloud-first ’, are unintentionally also becoming increasingly vulnerable to reputation and revenue-impacting security breaches .
The challenge is that the change has been rapid and as a consequence , security teams simply don ’ t have the tools and insights they need to counter the new breed of threats . Wide adoption of modern applications is leading to a dramatic expansion in attack surfaces and security professionals now have major visibility gaps across their application landscape , particularly within Kubernetes environments . The sprawling topology of applications means that without specific tools , it ’ s almost impossible for them to understand where new threats are coming from .
This is exacerbated by the fact that security teams have no way to filter through the deluge of alerts , and without the ability to prioritise threats , it ’ s impossible to correctly determine which issues pose the greatest risk . Indeed , in a recent survey of global technologists , Cisco identified that the majority of technologists admitted that they often end up operating in ‘ security limbo ’ because they don ’ t know what to focus on and prioritise .
Organisations have been quick to embrace the shift to modern applications but they must stop short of also addressing the security threats that these now introduce . For security teams , this means embracing new ways of working and implementing new security solutions .
Application security is being hampered by siloed teams and tools
In their efforts to cater to growing customer needs and demands and to stay ahead of the competition , many organisations have ( understandably ) prioritised speed over security within application development over recent years . However , the implications of this are now being felt across all industries , with IT teams reporting massive increases in security threats within their modern application environments .
The shortcoming is that the same organisation that recognises the competitive edge that modern
72 WWW . INTELLIGENTCISO . COM