Highlights –

  • Eighty percent of firms (four out of five) had encountered at least one serious cloud security event in the last 12 months, including data breaches, leaks, and intrusions into their environment.
  • Startups (89%) and public sector firms (88%) reported being the most impacted during the past 12 months among cloud customers representing organizations of all sizes and industrial sectors.

Snyk, an industry leader in developer security, announced the release of its State of Cloud Security Report. The results show how modern security experts and cloud security engineers are coping with the complex cloud security risks and challenges that have arisen due to rapid cloud adoption and rising interest in developing cloud-native applications.

The study also emphasizes the advantages of increased cloud security investment, such as stronger incident prevention, enhanced efficiency, and cross-team collaboration, which can accelerate the deployment of an application as a whole.

In particular, the report discovered:

  • Eighty percent of the firms (four-fifths) had encountered at least one serious cloud security event in the last 12 months, including data breaches, leaks, and intrusions into their environment.
  • Forty-one percent of the respondents claim that cloud-native services add complexity, making their security efforts more challenging.
  • Almost half (49%) of the firms found deployment to be faster due to enhanced cloud security.

Startups and the public sector are the most affected, with 80% of incidents involving severe cloud security

Cloud customers representing organizations of all sizes and industrial sectors reported being impacted during the past 12 months, with startups (89%) and public sector firms (88%) most affected. However, large enterprises performed better (presumably because of increased investment), and small and mid-sized businesses (SMBs) reported doing the best (probably as a result of a smaller cloud footprint and less infrastructure complexity).

According to the respondents, the most severe incidents they were aware of included data breaches, leaks, and intrusions into their environment. Undoubtedly, each of these comes at a hefty cost to global corporations, including but not limited to penalties for failed audits and compliance infractions, crypto mining charges added to client cloud bills, and lost productivity from system outages.

Respondents also stated that this global risk would probably increase in the near future. As a result, respondents acknowledged:

  • One-fourth (25%) were concerned they may have recently experienced a cloud data leak but were unaware.
  • Most (58%) of security experts and developers think that their company’s risk of a cloud data leak will only rise over the coming year.

41% of those using cloud-native approaches see increased complexity as a trade-off

While cloud-native application development unquestionably enables contemporary developers to work more quickly to produce more, new difficulties and complexities have surfaced as the overall attack surface has grown. The delineation of security responsibilities has blurred as well.

Ultimately, many of today’s cloud security failures are due to a lack of efficient cross-team coordination and team training. It might be difficult to reconcile work across teams and ensure consistent enforcement when separate teams utilize various tools or policy frameworks. Additionally, inadequate tooling that generates false positives frequently causes alert fatigue among security teams, increasing human error when determining the essential issues that must be prioritized and dealt with.

Moreover, consider:

  • Seventy-seven percent of the firms cited poor training and collaboration as a challenge.
  • The need for engineering resources was cited by 45% of businesses as having a significant influence on cloud security.

50% see faster deployment from strategic business results with enhanced cloud security

When organizations strengthen their cloud security, they enjoy advantages that go beyond incident mitigation.

By fully embracing the cloud to develop new apps, teams can finally leave behind the conventional security techniques and technologies created for legacy systems. Given the realities of cloud-native development and the multiple internal stakeholders involved, organizations that support and accept this paradigm shift benefit from better team cooperation, enhanced developer productivity, and quicker secure innovation.

Considering this, respondents claimed:

  • With Infrastructure-as-Code (IaC) security, cloud misconfigurations were reduced by 70%.
  • Nearly half (48%) claimed their security team could accomplish more with the available resources when cloud security is improved.
  • Around 44% of those surveyed claimed that security improvements have improved teamwork.

The survey was conducted among over 400 cloud engineering and security practitioners, with leaders from varied industries. Snyk plans to speak about this analysis’s findings and suggest steps to enhance cloud security at several forthcoming events.

Experts’ Take

According to Josh Stella, Vice President, Chief Architect, Snyk, “This new research should serve as a wake-up call that our collective cloud security risk is universal and will only continue to grow if we double down on outdated approaches and legacy tools. The outlook is not entirely dire, however, as the data also clearly reveals that shifting cloud security left and embracing DevSecOps collaboration can allow global organizations to continue their current pace of innovation more securely.”