NETWORKS & APPLICATIONS holding their IT operations and information security teams primarily responsible for detecting , monitoring , and tracking potential misconfigurations as well as remediating these misconfigurations rather than distributing responsibilities across the DevOps or application engineering teams who may be accidentally causing such mistakes and are in a better position to directly fix these errors .
The CSA says it ’ s important for organisations to shift left the remediation responsibilities to DevOps and application engineering teams in order to manage misconfiguration risk more effectively . The research found the primary reason organisations state for having a security incident due to misconfigurations is ‘ lack of visibility ’ ( 68 %). The CSA believes It is equally as important for organisations to prioritize tooling that provides improved visibility , effective risk governance and automation . These functions will help improve the organization ’ s ability to quickly identify and correct misconfigurations , regardless of the team responsible for them .
cybermagazine . com 89