DevOps Can Be Key to Building App Security in the Cloud

In 2018 alone, businesses are projected to spend approximately $96 billion on application security. A major cost for these initiatives, which represent an 8% increase over last year’s estimated amount, is the shift to security for SaaS products with a primarily cloud-based focus.

Though it can be costly for large enterprises to keep up with the changing security landscape, there are ways to adapt. Developing a department primarily focused on DevSecOps, a combination of DevOps and security, can help combine the security team’s knowledge and initiative with the DevOps team’s knowledge of digital automation and collaboration.

One issue lies at the heart of application security in the age of the cloud: user error. According to one estimate, users will cause up to 95% of security breaches for SaaS applications by 2022. These errors can be broken into four primary areas: managing employee downloads, documenting and controlling SaaS portfolios, vetting SaaS applications before deploying them, and proper security maintenance. Each of these poses a significant risk to any company using SaaS products to do business.

One way that experts recommend managing the influx of security threats is to crowdsource security efforts. All users should be informed of security risks and educated on how they can defend themselves.

Tools that are typically used for cloud application and container orchestration can also be extended to fit security use cases. Administrators should look across the spectrum of SaaS tools the company is using to find opportunities to build their business’s security apparatus.

When it comes to cloud applications, more is not necessarily better. After conducting an internal audit of all applications, companies can eliminate those that are not needed in an effort to decrease liability. Auditing should not be a one-time effort, either. Experts recommend that companies regularly assess the security quality and service-level agreements for all the applications they use.

DevOps and Agile methods can also provide a useful framework for maximizing each of these security efforts. At a time when security is more complicated than ever, a holistic approach may be the only way to weather the storm.