Research reveals strategies to improve cloud-native security
As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk.
Facing demands to increase productivity and scale, organizations are using cloud platforms and cloud-native development processes to quickly build, deliver and update applications. Security teams are struggling to keep up, however, which has resulted in security incidents that cause application downtime, unauthorized access, data loss and compliance fines that have serious business implications.
My latest TechTarget Enterprise Strategy Group research, "The State of Cloud Security Platforms and DevSecOps," revealed how security teams are doing as more workloads live in the cloud. Here are some highlights, as well as ways security teams can improve their programs.
Gaining visibility and control of rapidly scaling elements
We all know the adage that you can't secure what you can't see, and attackers will always look for unsecured or neglected exposures or vulnerabilities. Organizations continue to struggle with shadow assets and rapidly proliferating attack surfaces, as well as finding ways to continuously monitor applications, their components, and related infrastructure and resources, which are often rapidly scaled up and down. This creates challenges for proactively mitigating risk, and for detecting and responding to security threats or attacks.
Respondents to the survey expressed concern about a wide range of cloud-native elements. The top five are as follows:
- AI technology.
- Software supply chain.
- Cloud service provider infrastructure.
- Data storage repositories.
- APIs.
These elements are rapidly scaling and expanding attack surfaces and risk. Organizations should look for ways to gain visibility, set the proper controls, monitor these elements, identify security issues or vulnerabilities and remediate them. Security teams need to collaborate with other groups as adoption and usage evolve to select the tools and processes that best prevent cybersecurity incidents.
Addressing increased chances for misconfigurations
Cloud-native development enables increased productivity, but the higher speed and volume of releases and the growth of development teams create more chances for mistakes that become vulnerabilities, exposing organizations to the risk of attacks.
The research showed a majority of organizations have experienced a range of misconfiguration problems within the last year, including access and permission issues, as well as application, service and infrastructure configuration issues. The results also showed organizations that detected misconfigurations suffered serious consequences because of the exposure, including unauthorized access to applications and data, lost data and malware infections.
Looking at platforms for efficiency in mitigating risk and managing security posture
In the survey, almost all organizations (92%) reported they suffered from cybersecurity incidents with their cloud-native applications over the past year. The following are the top types of incidents they experienced:
- Exploit of a misconfigured cloud service, workload, security group or privileged account.
- Unauthorized access by a third party.
- Attacks that resulted in the loss of data due to the insecure use of APIs.
- Exposed or lost data from an object store.
Because so many incidents are preventable, it's no surprise the study showed 88% of organizations agreed (52%) or strongly agreed (36%) they are looking for a platform approach to drive efficiency in connecting application security processes to security posture management. In addition, 84% of respondents agreed or strongly agreed (51% and 33%, respectively) a cloud-native application protection platform (CNAPP) would give them a consolidated approach for more efficient cloud security risk mitigation.
Organizations should look at platforms that provide the context needed to prioritize remediation based on what has the greatest effect on reducing risk. It doesn't matter if organizations have multiple tools in place to catch every misconfiguration; it matters whether they can remediate vulnerabilities in time to prevent an incident.
Efficiency for rapid response to incidents
Organizations also reported serious consequences tied to attacks that occurred between the time the incident was detected and when it was mitigated. The top five consequences for these issues included the following:
- Data loss/exfiltration (31%).
- Application downtime (31%).
- Business process disruption (29%).
- Customer data loss (27%).
- Compliance violations (26%).
As a result, organizations are looking for better tools that speed remediation to mitigate the possible effects of attacks. This is another area where platform tools can help because they can provide more context and optimize efficiency of remediation for rapid response to threats or attacks.
Platforms vs. best-of-breed tools
As mentioned, organizations are looking at platform tools, including CNAPPs, to drive efficiency. This reflects the frustration we've seen from security teams and developers who are overwhelmed with multiple tools to deploy and manage, as well as wading through alerts to determine what needs attention to get ahead of an attack or incident.
When asked about their approach for selecting security products, however, 72% said they prefer separate best-of-breed options to ensure comprehensive security and coverage. The other 28% said they prefer consolidated options with an integrated platform and coverage across environments and types of tools.
This illustrates the complexity of cloud-native security and the challenges for security teams. The fundamentals of security haven't changed, including the need for visibility, controls and policies, testing and scanning to identify and remediate issues, and ways to speed detection and response. But the rapidly scaling elements, such as AI, software supply chain elements or APIs, have changed, and they might require specialized tools to address those fundamentals because the platform tools might not support them as fully.
In talking to security leaders and practitioners, it is clear they don't want to keep adding tools and they are frustrated by having multiple tools that don't work well or aren't protecting them from incidents.
In many cases, security teams can't add more personnel to scale with growth, so they depend on using the most effective security tools and processes. Whether organizations are using platform tools or best-of-breed products, the key is looking for ways to optimize efficiency.
Ideally, tools need to enable better collaboration across teams. This way, security teams can better partner with other groups, including IT, operations, DevOps, developers, security engineers and platform engineers, to enable the secure adoption of new technologies. They can also better work with other teams to incorporate secure processes and tools that work with developer workflows to optimize efficiency in proactively mitigating risk and rapidly responding with efficient remediation.
Melinda Marks is a practice director at TechTarget's Enterprise Strategy Group, where she covers cloud and application security.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.