SmartBear announced its acquisition of QMetry, provider of an AI-enabled digital quality platform designed to scale software quality.
Companies are increasingly embracing the power and agility of cloud-based solutions, with more than 20% of their workloads running in the cloud today, with plans to grow more than 50% in the next 18 months. With this accelerated cloud adoption comes inherent challenges and apprehension, as Check Point's 2023 Cloud Security Report reveals. As a result, 76% of organizations are apprehensive about cloud security, and cloud-based attacks are increasing at an alarming rate.
The greatest security attack threat is cloud misconfigurations, with a quarter of the respondents stating that they have already succumbed to a public cloud security incident due to a misconfiguration. In addition, the survey found that cloud misconfiguration was seen as the primary risk by 60% of the participants.
The 2023 Cloud Security Report results also show that organizations are still dealing with fundamental cloud security challenges. For instance, 58% of organizations need help to deploy and manage a complete solution across all cloud environments, 52% struggle to ensure data protection and privacy, and 49% struggle to understand how different security solutions fit together. A real cause for concern is that an overwhelming 43% of organizations need to access three to four separate security solutions to configure the policies that secure their enterprise's cloud footprint.
One potential solution to these challenges is the consolidation of security policies, operations, and responsibilities into a single platform. With only 20% of respondents having a comprehensive DevSecOps process in place, it is clear that more organizations should implement a developer-centric approach that enforces security policies throughout the software development lifecycle. This prevents developers from creating friction in the development process while securing the system effectively.
A developer-centric approach is a paradigm shift from the traditional top-down approach that separates developers from security operations. This approach requires developers to have the necessary context to identify, prioritize, and remediate security risks within the software supply chain. To make this a reality, better-integrating features such as code scanning, effective risk management, and CIEM are essential building blocks for mitigating risk and employing zero trust across the board.
Moving forward, we expect to see the expansion of comprehensive DevSecOps processes in organizations, with developers taking active roles in decisions about what technologies are used to implement security control requirements and standards. More than 40% of DevOps engineers are already being held accountable for technical changes to systems that are required to remediate security and compliance, according to the report.
By embracing a CNAPP platform approach and devoting resources to automation, scaling, and risk management, organizations can achieve the full life cycle protection requirements of cloud-native applications from development to production.
Industry News
Red Hat signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to scale availability of Red Hat open source solutions in AWS Marketplace, building upon the two companies’ long-standing relationship.
CloudZero announced the launch of CloudZero Intelligence — an AI system powering CloudZero Advisor, a free, publicly available tool that uses conversational AI to help businesses accurately predict and optimize the cost of cloud infrastructure.
Opsera has been accepted into the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS.
Spectro Cloud is a launch partner for the new Amazon EKS Hybrid Nodes feature debuting at AWS re:Invent 2024.
Couchbase unveiled Capella AI Services to help enterprises address the growing data challenges of AI development and deployment and streamline how they build secure agentic AI applications at scale.
Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem.
Traefik Labs unveiled the Traefik AI Gateway, a centralized cloud-native egress gateway for managing and securing internal applications with external AI services like Large Language Models (LLMs).
Generally available to all customers today, Sumo Logic Mo Copilot, an AI Copilot for DevSecOps, will empower the entire team and drastically reduce response times for critical applications.
iTMethods announced a strategic partnership with CircleCI, a continuous integration and delivery (CI/CD) platform. Together, they will deliver a seamless, end-to-end solution for optimizing software development and delivery processes.
Progress announced the Q4 2024 release of its award-winning Progress® Telerik® and Progress® Kendo UI® component libraries.
Check Point® Software Technologies Ltd. has been recognized as a Leader and Fast Mover in the latest GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPPs).
Spectro Cloud, provider of the award-winning Palette Edge™ Kubernetes management platform, announced a new integrated edge in a box solution featuring the Hewlett Packard Enterprise (HPE) ProLiant DL145 Gen11 server to help organizations deploy, secure, and manage demanding applications for diverse edge locations.
Red Hat announced the availability of Red Hat JBoss Enterprise Application Platform (JBoss EAP) 8 on Microsoft Azure.
Launchable by CloudBees is now available on AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).