Snyk has published the State of Cloud-Native Application Security Report’s result. More than half of the companies surveyed experienced a security incident due to misconfiguration or a known vulnerability in their cloud-native applications. Developers are three times more likely to view security as their responsibility versus their security peers. Additionally, deploying automation makes it 17 times more likely that security tests run daily or more frequently.
56% experience misconfigurations or known vulnerability incidents
Cloud-native adoption changes the way organizations defend against cloud threats, with misconfigurations and known vulnerabilities distinctly emerging as primary concerns.
Key findings show:
- 60% of respondents have increased security concerns since adopting cloud-native.
- Misconfigurations were noted as the biggest area of increased concern
- Known unpatched vulnerabilities (38%) are responsible for the greatest number of security incidents in their cloud-native environments.
Significant findings indicate greater security ownership is now being embraced by development teams faster than security teams are willing to let go of their own historic role in the traditional process.
- Respondents in security roles were almost three times more likely to attribute security ownership to their team versus their development team counterparts.
- More than one-third (36%) of developers admit they feel responsible for the security of their cloud native environments.
- At the same time, less than 10% of respondents in security roles believed any security responsibility lay with developers.
Automated testing is rising
Automation also makes it easier to conduct more frequent testing, allowing for vulnerabilities to be identified and fixed quicker:
- Nearly 70% of respondents with high levels of deployment automation were able to test their security daily (17 times more than respondents who had no deployment automation, with 60% of those only testing their security monthly).
- More than 72% of respondents with high levels of automation have an average time to fix vulnerabilities of less than one week, with over a third (36%) having an average of one day or less.
- Automated testing is also a key enabler of visibility into security issues, with more than a quarter (28%) of organizations with low levels of automation acknowledging they don’t currently know how long it takes them to fix issues.