As cloud adoption rates accelerate and the complexity of their environments grows, security teams are faced with increasing security challenges and risks.
State of Cloud Security 2021 survey conducted by Fugue and Sonatype showed that the complexity and dynamism of cloud environments have caused teams to fail to keep their networks secure.
Fugue and Sonatype surveyed 300 cloud professionals, which included cloud engineers, security engineers, DevOps, and architects.
The survey revealed that 36% of the organizations that responded experienced a serious cloud security breach in the past 12 months.
Eight out of ten companies are worried that their data is at risk of being breached due to cloud misconfiguration. And 64% think the risk will get worse over the next year.
“This year’s survey reveals that the complexities and dynamism of at-scale cloud environments outpace the ability of teams to keep them secure,” said Josh Stella, CEO, Fugue. “Engineering and security teams continue to ramp up the time and resources they invest in cloud security but say they still lack the visibility and automation they need.”
Too many APIs and interfaces to manage are the primary reasons why cloud misconfiguration occurs, according to 32% of respondents. Another common cause is a lack of policy awareness (27%) and negligence (23%). While 21% said they are not checking Infrastructure as Code (IaC) prior to deployment.
“The adoption of IaC is a double-edged sword, it puts cloud infrastructure into the hands of developers, but also opens organizations to serious risk associated with misconfiguration,” said Matt Howard, EVP, Sonatype. “The survey results highlight the need to empower developers with advanced security guardrails and rapid feedback to ensure that cloud infrastructure is secure and complies with relevant regulations and defined policies.”
Traditional security challenges such as alert fatigue (21%), false positives (27%), and human error (38%) are most prevalent in cloud security. Respondents also cited demand for cloud security expertise which outpaces supply.
The lack of a unified policy that covers the entire cloud development lifecycle (CDLC) is a major issue for many organizations, with 96% saying that such a policy would be beneficial.
“This year’s survey reveals that the complexities and dynamism of at-scale cloud environments outpace the ability of teams to keep them secure,” experts concluded.
