Why it’s time to make continuous cloud security part of your developer journey

Cloud computing hasn’t always been synonymous with great Security. However, despite early fears that it was less secure than data centres, the cloud is now considered a useful - and secure - solution for most critical business functions. While some of its earliest adopters could afford to be somewhat blasé about Security, that’s no longer the case. The latest generation of cloud entrants mainly operate in finance and government sectors, meaning that security and compliance are at the very top of their agendas.

This emphasis on cloud security has also been sped up by the series of significant data breaches which have affected consumers in recent years. Security has been thrown into the legal spotlight more than ever before too, particularly after GDPR was introduced in Europe, giving strict regulation for businesses to either comply with or face direct consequences.

But while the development and operations departments of businesses have largely embraced the dynamic world of the cloud, for the security team it presents a whole new set of challenges. They no longer work with controlled environments that they can carefully assess and manage as they did before. Instead, with cloud platforms and application code so tightly integrated, development teams must now incorporate security requirements into their code itself to enforce in the platform.  

As cloud platforms often change daily, the potential risk of a misconfiguration is significant. According to Gartner analysis, by 2020, 80 percent of cloud breaches will be due to customer misconfiguration, mismanaged credentials, or insider theft - not cloud provider vulnerabilities. 

Solutions do now exist that can help the security team with these challenges. These solutions allow them to define their policies (PCI-DSS, CIS, NIST, HIPAA) against the cloud environments and, then, to present them to the development team in a concise way.

Reducing the unnecessary overheads incurred in maintaining security policies can aid an organisation enormously.