As much as we want to think that companies are prioritizing security in the cloud-native world, that is not the case. According to Karsten Samaschke, CEO of Cloudical, “Companies plan for security when pretty much everything is deployed, but that’s too late in the cloud and cloud-native environments.”
Misconfigurations and bugs are primary causes of security, but Samaschke believes not having the right processes in place also exposes companies to attackers. Security is as much a people/culture problem as it is a technology problem. Developers often have this mindset of looking at Ops and Security folks as their enemies. DevSecOps is trying to address that, but there is still a long way to go.
Samaschke also highlighted the complexity of modern cloud-native architecture that contributes to security issues. This has been an eye-opening discussion and I hope you enjoy it as much as I did.