Study: 70% of CISOs Believe Open Source Provides Faster Path to Security

Nearly 70% of Chief Information Security Officers (CISOs) believe open source security solutions provide a faster way to secure their environments, according to new research released by cloud native security provider Aqua Security. Similarly, 78 percent of CISOs believe open source solutions give them access to the best and most up-to-date innovations in cloud security, and more than 60 percent actively prefer to work with vendors who work on open source projects.

The poll also looked at CISO thoughts on software security and cloud native environments, as well as threats and security techniques. According to the survey, 87 percent of respondents believe that securing the entire application lifecycle – including infrastructure, application code, and workloads – is critical, and 84 percent believe that automating security checks across the software supply chain can actually speed up software delivery.

The research is based on a survey conducted by Aqua Security of 100 CISOs from Fortune 1000 or bigger firms in the United States, spanning a variety of industries. Its goal was to assess security decision makers’ knowledge and opinions on cloud native security and the use of open source software (OSS).

“Perceptions of open source software are evolving. What was once seen as potential risk is now seen as an enabler for both security and business,” said Paul Calatayud, CISO at Aqua Security. “This is particularly relevant for cloud native environments, which benefit from the rapid innovation and agility that are common within the OSS community. These characteristics support CISO interest in working with vendors who are actively supporting OSS projects.”

Cloud Native Security

More than two-thirds of CISOs (68 percent) feel that the most straightforward way to secure production workloads is to start with a comprehensive inventory and audit of the whole environment. In addition, 69 percent of CISOs prefer using a single source of truth for cloud security because it reduces friction between multiple teams in application development.

According to the report, 88 percent of CISOs regard both active protection and visibility for workloads as critical to decreasing company risk. In fact, nine out of ten people feel that active protection is an important part of cloud native security.

“Visibility without active protection is not sufficient to keep cloud native environments secure, which is why Gartner includes it as a key capability of cloud native application protection platforms,” added Mr. Calatayud. “Security teams need the ability to efficiently detect and follow up on risks across their complex, distributed application portfolios, which is why we see most CISOs consider active protection as a nonnegotiable for cloud native security.”