Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

The 5 Faces of Development Risk

Published 07/28/2022

Home
Industry Insights
The 5 Faces of Development Risk

Written by Tony Karam, Strategic Marketing Leader, Concourse Labs.

Which of these development risks do you recognize?

Delivering cloud-native applications, quickly, is an existential requirement for most businesses. Security, Risk Management, and DevSecOps leaders are tasked with ensuring cloud misconfigurations do not lead to breach, disruption, or non-compliance events. But agile development and delivery practices including infrastructure as code and automated pipelines have made this increasingly difficult.

74% of organizations do not effectively validate Infrastructure as Code security and compliance, leaving them highly vulnerable to data breach and disruption in cloud.

Gaining visibility and control of cloud security and compliance starts with an understanding of where development risk comes from. Some risks are the result of simple human error, while others are related to ignorance or malfeasance. Read on to get to know the five faces of cloud development risk.

Overloaded Developer

They continually face pressure from deadlines that force them to work fast. As businesses push to do more in less time and tasks multiply, Overloaded Developers make more mistakes that put your reputation and cloud at risk. As a result, 65% of organizations had active cloud storage services without encryption turned on.

Lead Developer

They are needlessly slowed or derailed by irrelevant and last-minute security tickets. Lead Developers often feel frustrated by security delays which are unnecessary. “Why does security break my build with policies that don’t apply to my code? Consider that 73% of developers have thought about quitting their job due to security-related stresses.

Unaware Developer

They have not been given a clear and up-to-date set of standards to comply with. Unlike the Overloaded Developer, the Unaware Developer doesn’t really know which security and compliance checks they should be using to test their code. This is a systemic problem with 41% of developers citing unclear security benchmarks as a barrier to testing their infrastructure as code.

Third-Party Developer

They build code you integrate, but it may not be developed with your standards in mind. Most organizations rely heavily on third-party developers, or the marketplace and open-source code they build. These developers don’t know your environment nor your security and compliance policies. Yet less than 50% of organization scan their open-source libraries.

Nefarious Developer

They can change or ignore controls and circumvent your security without you ever knowing. Did you hear the one about the Nefarious Developer who allegedly stole gigabytes of confidential data, and then tried to sell it back to his then current employer? It’s no surprise that 62% of data breaches are financially motivated.

Read The 5 Faces of Development Risk Infographic to learn why these risks are all too common and what steps you can take to prevent them from putting your cloud and your reputation at risk.

About the Author

Tony Karam is currently a Strategic Marketing Leader in Cybersecurity at Concourse Labs. A big believer that security "takes a village", Tony brings to his role more than 25 years of B2B cybersecurity experience within marketing and product management. Prior to joining Concourse, Tony held various senior-level marketing and product management roles at RSA, BeyondTrust, Positive Technologies and Wave Systems.

DevSecOpsMisconfigurationRisk Management

Share this content on your favorite social network today!

Latest from CSA
Mark Your Calendar for Cyber Monday!
Map the Transaction Flows for Zero Trust
Advance AI Risk Management
Level up with Cloud Infrastructure Security Training
Related Articles:
Establishing an Always-Ready State with Continuous Controls Monitoring

Published: 11/21/2024

Why Application-Specific Passwords are a Security Risk in Google Workspace

Published: 11/19/2024

Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems

Published: 11/19/2024

Top Threat #5 - Third Party Tango: Dancing Around Insecure Resources

Published: 11/18/2024