The primary causes of cloud misconfiguration involve too many APIs and interfaces to manage, lack of controls and increased oversight, the lack of policy awareness, and security negligence – reveals a new study.
With the acceleration of cloud adoption and the increased scale of cloud environments across industries, engineering and security professionals consider it a huge security risk. Accordingly, the costs of addressing such issues are also growing. A recent study from Fugue in association with Sonatype found serious cloud security data leaks and breaches amid the pandemic era.
A survey of more than 300 cloud professionals was conducted to understand the scenario better. The report titled State of Cloud Security 2021 found that nearly 36% of organizations have suffered major cloud security attacks and data mismanagement in the past 12 months. In fact, eight out of ten are highly worried that they could be vulnerable to a critical data breach – related to cloud misconfiguration.
Even more than 64% of professionals noted that this issue would get worse as we advance. If not, it will remain unchanged over the next few years. Overall, the statistics reveal the significant complexities and dynamism of at-scale cloud environments, and they outpace the ability of IT teams to keep secure.
As explained by Josh Stella, CEO at Fugue, in the company blog – “Engineering and security teams continue to ramp up the time and resources they invest in CS but say they still lack the visibility and automation they need.” Certainly, cloud misconfiguration mistakes are leading to substantial insider threats.
Basically, the primary causes of cloud misconfiguration generally involve too many APIs and interfaces to manage (32%), lack of controls and increased oversight (31%), the lack of policy awareness (27%), as well as security negligence (23%). Besides, one-fifth of firms believe they are not checking Infrastructure as Code (IaC) before deployment.
This could also be due to the fact that companies are not adequately monitoring the cloud environment for misconfiguration, reported 20%. Today, the adoption of IaC is a double-edged sword as it puts cloud infrastructure into the hands of developers. However, it also opens organizations to serious risks linked with system misconfiguration.
IT professionals said traditional security challenges play a crucial role in cloud security. This includes a human error (reported by 38%), false positives (27%), and alert fatigue (21%). The mandate for cloud security expertise continues to overtake the supply as 36% cite challenges in hiring and retaining CS teams.
Furthermore, the adoption of IaC provides cloud professionals with the chance to check configurations pre-deployment. As per the data, half of the teams said they are investing 50+ engineering hours/ week on IaC security. They spend the same amount of time on securing the running cloud environments.
So, what exactly do cloud security professionals require?
The lack of updates and policies that work around the cloud development lifecycle (CDLC) from IaC via the runtime has been cited as a significant challenge. Nearly 96% indicated that a unified policy framework would be valuable, and roughly 47% need better visibility into their environments. Even automated compliance audits and approvals is also an option.
According to Matt Howard, EVP at Sonatype – “The survey results highlight the need to empower developers with advanced security guardrails and rapid feedback to ensure that cloud infrastructure is secure and complies with relevant regulations and defined policies.” And, cloud and code security is a ‘people’ problem.
For more such updates follow us on Google News ITsecuritywire News.