Styra Inc., the creator and maintainer of Open Policy Agent, an open-source engine for unifying and enforcing policies across computing environments, today released a new report on how cloud-native software application adoption is shifting security responsibility across teams.

The “2022 Cloud-Native Alignment Report” looks at how information technology decision-makers and developers are in sync or misaligned when it comes to cloud-native technology use and security during their digital transformation journeys. As organizations increase adoption, the report says, developers and IT decision-makers need a unified approach to address security and compliance.

Based on a survey of 350 IT decision-makers and 350 developers, the results found that adoption of cloud-native application development and open source are booming. Some 97% of IT decision-makers and 96% of developers said their organizations plan to expand use over the next 12 months.

The increase in use comes with a greater need for security because of rising compliance regulations and ever-evolving cyberattacks. Both groups surveyed said they have high confidence in their organizations’ ability to manage security for cloud-based applications.

However, a problem arises with who should own policy, compliance and cloud security responsibilities in an organization to make operations seamless. Only 21% of developers said that they believe IT infrastructure and ops teams are responsible, while 45% of IT leaders believe that. Application compliance had a similar split — 22% to 41%.

Meeting and proving compliance to external auditors also had a variance. About 42% of developers said it’s the security team’s job, while only 25% of IT decision-makers believe so.

“With organizations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” Tim Hinrichs, co-founder and chief technology officer at Styra, said in a statement. “As the creators of Open Policy Agent, we’re seeing firsthand in our community the changing dynamics around security and policy, especially with new trends like ‘shift left,’ ‘everything-as-code’ and ‘DevSecOps.’”

Other findings in the report include 63% of IT decision-makers believing that training employees to use cloud-native and open-source tools is the biggest challenge. Conversely, 70% of developers cite onboarding each piece of new technology and phasing out old technology as the biggest challenge.

Developers believe migrating legacy applications to the cloud (67%) and building production, customer-facing cloud applications (66%) should come first. IT decision-makers believe enhancing data privacy security measures (77%) and then migrating legacy applications to the cloud (59%) should be prioritized.

“These findings prove that IT decision-makers and developers need to work together as they take on accelerated adoption of open-source and cloud-native tools,” Hinrichs added.

Image: Max Pixel