Report: 4 in 5 companies have experienced a cloud security incident

Missed a session of MetaBeat 2022? Visit the on-demand library for all our recommended sessions here.


New research from cybersecurity firm Venafi shows that 81% of companies report having experienced a cloud security incident in the past year. And nearly half (45%) report that their organization has experienced at least four incidents.

The study appeared to highlight the increased operational risk caused by companies migrating more of their applications to the cloud due to the complexity of cloud-native environments.

Venafi even found that companies currently host 41% of their applications in the cloud. That percentage is expected to rise to 57% in the next 18 months. As it grows, so will the need for robust cloud security.

Venafi's research found that a majority believe that cloud-based application security should be a shared responsibility between teams.  Source: Venafic
Venafi’s research found that a majority believe that cloud-based application security should be a shared responsibility between teams. Source: Venafic

With the complexity created by the cloud, machine identities have become a rich hunting ground for threat actors targeting the cloud. Every container, including Kubernetes cluster and microservices, needs an authenticated machine identity to communicate securely, such as a TLS certificate. Security and operational risks increase dramatically if one is compromised or misconfigured.

Event

Top with little code/no code

Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Register here

Venafi’s research also found that there is no clear industry standard for which the in-house team is currently responsible for securing the cloud. Typically, this is the responsibility of enterprise security teams (25%), followed by operations teams responsible for cloud infrastructure (23%), a collaborative effort shared by multiple teams (22%), developers writing cloud applications (16%) and DevSecOps teams (10%).

There is also no clear consensus among security decision-makers about who should be responsible for securing the cloud. Cloud infrastructure operations teams and enterprise security teams (24% each) are among the most popular, followed by multi-team responsibility sharing (22%), developers writing cloud applications (16%) and DevSecOps teams (14%).

New approaches to security must use a control plane to embed machine identity management into developer workloads so that teams can protect the business without slowing down production.

For his research, Venafi surveyed 1,101 security decision makers at companies with more than 1,000 employees. Twenty-four percent of those surveyed worked for companies with more than 10,000 employees.

Read the full report from Venafi.

The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Discover our briefings.

Leave a Comment