A RAPIDLY SHIFTING CLOUD SECURITY LANDSCAPE
Cloud computing ushered in the greatest transformation in IT in decades, and now the cloud is going through its own transformation — with profound implications for security.
Cloud has been used predominantly as a platform for hosting third-party applications or those migrated from a datacenter. In this model, cloud environments largely resemble their data center counterparts, with
familiar-looking virtual machines and networks. IT engineers use cloud consoles to configure the infrastructure needed to host applications, or to provide infrastructure for developers who are building applications to run natively in the cloud. It’s the infrastructure constraints that determine how the application must be developed.
But the adoption of infrastructure as code (IaC), DevOps, and cloud native services and architectures is changing how we use the cloud, and what’s needed to keep cloud environments secure. IaC means cloud
infrastructure now has its own software development life cycle (SDLC), often involving CI/CD pipelines. The boundary between infrastructure and application is blurring. Infrastructure has become a part of the
application — and developed alongside it using IaC. In this model, it’s the application requirements that determine the necessary infrastructure.
This shift is blurring the boundaries between the traditional silos of development, operations, and security — and leading to a convergence of security responsibilities. The use of IaC presents the opportunity to
shift left and address cloud security earlier in the SDLC, when it’s faster and easier to do so. Engineers are taking more ownership over cloud security, motivated in part by the desire to improve productivity and
For this report, Snyk surveyed more than 400 cloud engineering and security professionals to better understand the cloud risks and challenges they face, and how they’re successfully improving their cloud