A survey of 300 cloud engineering professionals found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months. Eight out of ten are concerned they’re vulnerable to a major cloud data breach, and 64% say the problem will get worse or remain the same over the next year. The findings are part of The State of Cloud Security 2021 report, produced by Fugue and Sonatype.
As the scale of cloud environments grows, cloud teams say that risks — and the challenges and costs of addressing them — are increasing. The primary causes of cloud misconfiguration are too many APIs and interfaces to govern, cited by 32%, 31% cited a lack of controls and oversight, 27% cited a lack of policy awareness, and 32% cited team negligence. 21% are not checking Infrastructure as Code (IaC) prior to deployment, and 20% are not adequately monitoring their cloud environment.
Cloud security teams tasked with preventing and eliminating cloud misconfiguration vulnerabilities are struggling with many familiar security issues, including false positives (cited by 27%), alert fatigue (21%) and human error (38%). 36% are finding it difficult to hire and retain cloud security professionals, and 35% cite challenges with training. Half say their teams are investing 50+ engineering hours per week to IaC security, and a similar investment is going to cloud runtime security.
When asked what they need to more effectively manage cloud security, 96% say having one set of policies that works for both IaC and the cloud runtime would be valuable. 47% say they need better visibility into their cloud environment, and 43% say that better compliance auditing and reporting automation would help.
Fugue partnered with Sonatype to survey 300 DevOps, cloud, and security engineers on cloud security risks, challenges, and organizational impact. The online survey was conducted by Propeller Insights.
Read then full report by Fugue and Sonatype here.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more