Sunday, 19th September 2021
Logo

Companies continue with cloud despite security blind spots

New report finds 100% of companies have experienced a security incident, but continue to expand their footprint as 64% report deploying new AWS services weekly.

Vectra AI has released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organisations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organisations.

As digital transformation efforts continue, AWS is becoming an even more critical component to organisations. They are regularly deploying new workloads, leveraging deployments in multiple regions, and are relying on more than one AWS service. The survey found:

•64% of DevOps respondents are deploying new workload services weekly or even more frequently

•78% of organisations are running AWS across multiple regions (40% in at least three)

•71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.)

The expansion of AWS services has naturally led to increased complexity and risk. In fact, all of the companies surveyed have experienced at least one security incident in their public cloud environment in the last 12 months. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include:

•30% of organisations surveyed have no formal sign-off before pushing to production

•40% of respondents say they do not have a DevSecOps workflow

•71% of organisations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers

Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies surveyed reported double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organisations secure.

“Securing the cloud with confidence is nearly impossible due to its ever-changing nature,” said Matt Pieklik, Senior Consulting Analyst at Vectra. “To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.”


34% say their organisation is at risk of security threats due to skills gaps.
57% of organizations are prioritizing secure cloud migrations and 48% are looking to implement Zero...
Sophos has published findings from its survey report, “The State of Ransomware in Financial Services...
Cyber threat causes most concern for businesses, with US executives feeling more prepared to handle...
Potential boost for jobs and investment as 65 percent believe COVID-19 has had a positive impact on...
“Securing the New Hybrid Workplace” report from Entrust found 91% of employees are in favor of a hyb...
Lacework, the data-driven security platform for the cloud, has released its quarterly cloud threat r...
Despite staggering interest, a top barrier to implementing Zero Trust strategies is, surprisingly, c...