Open source brings faster path to security for majority of CISOs


Perceptions of open source among CISOs appear to be changing.

According to Aqua Security research, the majority (70%) of CISOs believe that open source software (OSS) offers a faster path to security of environments.

When it comes to the security benefits that open source provides, 78% of CISOs believe it provides them with access to the best and most current cloud security innovations, while over 60% actively prefer to work with vendors who build open source projects.

“Perceptions of open source software are evolving. What was once seen as potential risk is now seen as an enabler for both security and business,” said Paul Calatayud, CISO at Aqua Security.

“This is particularly relevant for cloud-native environments, which benefit from the rapid innovation and agility that are common within the OSS community.

“These characteristics support CISO interest in working with vendors who are actively supporting OSS projects.”

Cloud-native security approaches

Aqua Security’s study also explored perspectives on risks and security approaches for software security and cloud-native environments, finding that 87% of CISOs agree that securing the full application lifecycle — including infrastructure, application code and workloads — is critical.

Meanwhile, 84% said that automated security checks across the software supply chain can accelerate software delivery.

When considering the easiest first step to securing production workloads, 68% cited starting with an inventory and assessment of the entire environment.

Using a single source of truth for cloud security is favored by 69% of the CISOs, who value this for cutting down on friction between different teams in application development.

Calatayud added: “Visibility without active protection is not sufficient to keep cloud native environments secure, which is why Gartner includes it as a key capability of Cloud Native Application Protection Platforms.

“Security teams need the ability to effectively detect and follow up on risks across their complex, distributed application portfolios, which is why we see most CISOs consider active protection as a nonnegotiable for cloud-native security.”

Aqua Security surveyed 100 US-based CISOs at Fortune 1000 or larger companies to evaluate security decision makers’ understanding of, and perspectives on, cloud native security and the use of OSS.
