Skip to main content
close search
site logo
Dive Brief

Yes, developers break cloud security rules. But do companies have adequate policies in place?

Published April 9, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Getty Images

Dive Brief:

  • Half of developers and engineers bypass cloud security or compliance policies, according to a DivvyCloud survey of almost 2,000 IT professionals in 2019. But only 58% of organizations have guidelines for developers for building applications in a public cloud. 
  • While 93% of enterprises are using public cloud, only 40% have cloud and container security strategies. Nearly half, 45%, of respondents said their organizations don't have a cloud management platform, cloud security posture management, cloud access security broker, or cloud workload protection platform. 
  • In 2019, only 64% of respondents were using two or more cloud services, down from 77% the year prior. The decline likely stemmed from complex security strategies, DivvyCloud said.

Dive Insight:

While industry knows cloud is king, organizations still struggle to find their rhythm in adoption. Despite the age of software as a service, 5% of organizations have no plans for adopting public cloud and 7% don't use public cloud services, according to the report. 

"For many, the move to cloud computing really is the move to software-defined infrastructure," Chris Hertz, chief revenue officer at DivvyCloud, told CIO Dive. It means that for the first time "developers have unfettered access to provision and configure their own infrastructure." 

Nearly one-third of respondents who are not adopting public cloud are larger organizations — those with 10,000 or more employees, according to the report. Because large organizations "aren't always homogenous" with layers of business units, "more advanced" business units will adopt the cloud before everyone else. 

Most of the security workforce "came of age" before the cloud and in larger organizations data centers account for most of computing, said Hertz. The workforce is facing a paradigm shift of what perimeter protection is, or what it used to be.

Security is no longer "a command and control approach," Hertz said. "Security must be truly democratized to be a function of everyone who is interacting with cloud services."

The larger the company, the larger security target they are. Equifax and Capital One's data breaches resulted from flaws in web applications. Data breaches are a top of mind issue as they cost enterprises $5 trillion in 2018 and 2019.

The majority of breaches, 59%, were caused by cloud misconfigurations, according to the report. 

Ultimately misconfigurations don't fall onto the cloud provider as they ensure security of the cloud while their customers are responsible for what's in the cloud. 

Before the cloud, there was usually a select group of individuals well-versed in security and privacy compliance measures. However, because the cloud democratized workflows, a "knowledge gap" is forming, said Hertz. There are "people now involved in the creation and configuration of cloud services don't understand the compliance requirements or don’t fully understand them."

Recommended Reading

Filed Under: Cloud, Security

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in Cloud
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell