Study: Severe Cloud Security Incidents Affect 80% of Organizations

A market study commissioned by Snyk and conducted by Propeller Insights has revealed that 80 percent of organizations (four out of five) encountered at least one serious cloud security event in the last 12 months, including data breaches, data leaks, and intrusions into their environment.

The results of Snyk’s ‘State of Cloud Security Report’ show how modern security experts and cloud security engineers are coping with the intricate cloud security risks and difficulties that have arisen as a result of rapidly expanding cloud usage and rising interest in developing cloud native applications.

The study also emphasizes the advantages of greater cloud security spending, such as enhanced incident prevention, increased effectiveness, and cross-team collaboration, which may hasten the deployment of an application as a whole.

Additionally, the study released by Snyk found the following:

  • Nearly half (49 percent) of organizations feel deployment is quicker as a consequence of increased cloud security
  • 41 percent of respondents claim that cloud native services increase complexity, further complicating their security efforts

More than 400 executives and practitioners in cloud engineering and security, from various organization types and sectors, participated in the survey that served as the basis for this research. Propeller Insights carried out the poll in the second quarter of 2022.

“This new research should serve as a wake-up call that our collective cloud security risk is universal and will only continue to grow if we double down on outdated approaches and legacy tools,” said Josh Stella, Vice President and Chief Architect at Snyk. “The outlook is not entirely dire, however, as the data also clearly reveals that shifting cloud security left and embracing DevSecOps collaboration can allow global organizations to continue their current pace of innovation more securely.”

Startups and Public Sector

Among cloud customers representing organizations of all sizes and industrial sectors, startups (89%) and public sector firms (88%) reported being the most impacted during the past 12 months. However, large enterprises performed better (presumably as a consequence of increased investment), and small and mid-sized businesses (SMBs) reported doing the best (probably as a result of a smaller cloud footprint and less infrastructure complexity).

The most serious occurrences they were aware of, according to the respondents, included data breaches, data leaks, and intrusions into their environment. Undoubtedly, each of these comes at a hefty cost to multinational corporations, including but not limited to penalties for failed audits and compliance infractions, cryptomining charges added to client cloud bills, and lost productivity from system outages.

Tellingly, respondents also stated that this global danger is probably going to increase in the near future. As a result, respondents acknowledged the following:

  • 25% of respondents fear they have recently had a cloud data leak but are unaware of it
  • The majority (58%) of security experts and developers think that their company’s risk of a cloud data leak will only rise over the coming year

Cloud Native Approach

While cloud native application development unquestionably enables contemporary developers to work more quickly and produce more, new difficulties and complexities have also surfaced as the overall attack surface has grown and the boundaries between security responsibilities have become less distinct.

Ultimately, a lack of efficient cross-team coordination and team training is to blame for a large portion of today’s cloud security failures. It can be difficult to reconcile work across teams and ensure consistent enforcement when separate teams use different tools or policy frameworks. Additionally, inadequate tooling that generates false positives frequently causes alert fatigue among security teams, which increases human error when determining which issues need to be prioritized and dealt with.

Further, consider the following:

  • Problems with inadequate training and teamwork are listed as a serious difficulty by 77% of the firms
  • The need for technical resources is cited by 45% of businesses as having the major influence on cloud security

Conventional Security Techniques

Organizations that strengthen their cloud security gain advantages that go beyond incident mitigation.

According to the study, teams must finally abandon the conventional security techniques and technologies that were created for legacy systems as they fully embrace the cloud to develop new apps. Given the reality of cloud native development and the multiple internal stakeholders involved, businesses that support and accept this paradigm change gain from better team cooperation, which supports enhanced developer productivity and quicker secure innovation.

To this end, respondents asserted:

  • Infrastructure-as-code (IaC) security reduces cloud misconfigurations by a median of 70%
  • Nearly half (48%) claimed that when cloud security is enhanced, their security team can accomplish more with the tools at their disposal
  • 44% of those surveyed claimed that increased security had improved teamwork