Aqua Security has announced the results of a study which reveals that UK organizations have a long road ahead when it comes to understanding, planning and deploying their cloud native security strategies.
The survey gathered insights from 100+ cloud professionals. The results show a clear disconnect between the number of cloud native applications deployed within organizations, and the way in which those applications are secured.
Around a third of respondents stated that between 50 and 75 percent of their apps are cloud native, yet 20 percent have no cloud native security strategy in place. 68.3 percent of respondents also admit that they are not familiar with the term CNAPP (Cloud Native Application Platform Protection), the cloud native security concept introduced by analyst firm Gartner.
Paul Calatayud, CISO at Aqua Security, said, “As more and more applications are built and run in the cloud, it’s no surprise that we’re seeing threat actors shift their focus to target cloud native environments. This demands a new approach to security. Many organizations in the UK are beginning to understand that cloud native security is not just a ‘nice to have’, but there is a clear need for more education in the UK and beyond.”
Cloud native security strategies prioritization and knowledge gaps
When asked about their overall cybersecurity priorities, 29.8 percent of UK firms said that cloud native application security is a critical cloud security priority – more important than SaaS apps (20.2 percent) and identity and access management (28.8 percent). Despite this, 44 percent of respondents rely on ‘free’ security offerings from their cloud providers, which do not deliver the visibility and control needed to minimise cloud native application risk.
When questioned about their worries relating to cloud native security, 49 percent said their limited understanding of the risks and lack of knowledge were among the highest areas of concern. Other areas of concern included limited or no budget (53 percent), integration with existing tools and insufficient staffing (both at 42.3 percent).
Risk perception and responsibility
Respondents’ overall lack of awareness about cloud native security is underpinned by the fact that 32.7 percent of respondents consider cloud misconfigurations to be their biggest security concern. Malware attacks (54 percent), social engineering and phishing attacks (56.7 percent) and insider threats (32.9 percent) were considered riskier.
When it comes to who is responsible for cloud native security within an organization, 55.8 percent stated that this sits with the IT security teams. 20.5 percent of respondents attributed cloud native responsibility to DevOps and Security combined teams.
Calatayud said, “Questions around risks and responsibility illustrate the confusion around cloud native. It is projected that cloud native will support more than 90 percent of new digital initiatives by 2025, so we’re at a critical point where cloud native security must be prioritised by both the security and DevOps teams. Traditional tools are simply not effective, and organizations must seek out solutions that will stop cloud native attacks at every level.”