Styra Report Finds Rapid Cloud-Native and Open-Source Adoption is Shifting Security Responsibilities Across Teams

Study from the creators and maintainers of Open Policy Agent provides insight into how an increase in cloud-native and open-source adoption is driving security prioritization at organizations but also leading to ownership misalignment among teams

REDWOOD CITY, Calif. — March 23, 2022

Styra, Inc., the creators and maintainers of Open Policy Agent (OPA) and leader of cloud-native authorization, today released results of a new “2022 Cloud-Native Alignment Report.” The research report explores how in sync, or misaligned, IT decision makers and developers are when it comes to cloud-native technology use and security during their digital transformation journeys. As organizations increase adoption, the report outlines why developers and IT decision-makers need a unified approach in addressing security and compliance.

Styra surveyed 350 IT decision-makers and 350 developers that work with cloud-native environments to learn how they view their responsibilities when contributing to digital transformations at their organizations. Having a unified approach between IT decision-makers and developers during the transition to cloud-native is paramount to making internal processes and innovation more efficient. Styra conducted this survey to see how coordinated the two groups are, and to understand where disconnects create challenges for an organization’s success.

According to the findings, cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organizations plan to expand use over the next 12 months. With this increase in use comes a greater need for security due to rising compliance regulations and ever-evolving cyberattacks. Both parties stated that they have high confidence in their organizations’ ability to manage security for cloud-based applications, with 97% of IT decision-makers and 96% of developers rating their abilities as strong.

Even with confidence in an organization’s security, IT decision makers and developers need to increase alignment on who owns policy, compliance and cloud security responsibilities in order to make operations seamless. Here is where they currently stand:

  • Defining policies that control how cloud applications are secured and managed: 
    • 21% of developers believe IT Infrastructure and Ops Team teams are responsible
    • 45% of IT leaders believe its the IT Infrastructure and Ops Team 
  • Proving that applications are compliant internally:
    • 22% of developers believe that IT Infrastructure and Ops teams are responsible
    • 41% of IT decision makers believe that IT Infrastructure and Ops teams are responsible
  • Meeting and proving compliance to external auditors: 
    • 42% of developers said it is the security teams’ job 
    • 25% of  IT decision makers believe it is the security team’s job

“With organizations increasing their investment in cloud-native and open-source technologies, it’s important that teams are aligned when it comes to security,” said Tim Hinrichs, co-founder and CTO at Styra. “As the creators of Open Policy Agent and leaders in cloud-native authorization, we’re seeing firsthand in our community the changing dynamics around security and policy, especially with new trends like ‘shift left,’ ‘everything-as-code’ and ‘DevSecOps.’ While it’s great to see both developers and IT decision-makers aligned around the importance of cloud-native security, they need to start looking at it with a unified approach.” 

Additional findings in the “2022 Cloud-Native Alignment Report” include:

  • Cloud-native and open-source adoption leads to different challenges:
    • Over the next 12 months, 63% of IT decision makers believe training employees to use cloud-native and open-source tools is the biggest challenge 
    • Over the next 12 months, 70% of developers believe onboarding each piece of new technology and phasing out old technology is the biggest challenge 
  • IT decision makers and developers have different priorities in mind: 
    • Developers believe migrating legacy applications to the cloud (67%) and building production, customer-facing cloud applications (66%) should come first
    • IT decision makers slightly differ, believing enhancing data privacy security measures (77%) and then migrating legacy applications to the cloud (59%) should be prioritized
    • Both parties (IT leaders – 57%, developers – 65%) believe building a proof-of-concept application in the cloud should come third

“These findings prove that IT decision makers and developers need to work together as they take on accelerated adoption of open-source and cloud-native tools,” said Hinrichs. “With Open Policy Agent and policy management systems like Styra DAS, teams can get on the same page and streamline their efforts when it comes to security in cloud-native and open source environments. Doing so now will ensure organizations are setting themselves up for success now and well into the future.”

Download the full copy of the “2022 Cloud-Native Alignment Report,” and If you are interested in learning more about securing your cloud-native solutions with Styra, please visit here.


About Styra

Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open source (Open Policy Agent) and commercial products (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure they run on. Styra policy-as-code approach lets developers, DevOps, and security teams mitigate risks, reduce human error and accelerate application development. Learn more at Styra.

Cloud native
Authorization

Entitlement Explosion Repair

Join Styra and PACLabs on April 11 for a webinar exploring how organizations are using Policy as Code for smarter Access Control.

Speak with an Engineer

Request time with our team to talk about how you can modernize your access management.