New research has shown that 71% of CISOs believe a large number of flaws in cloud software are going unnoticed due to the switch in security practices.
CISOs revealed that increased adoption of cloud architectures, DevOps and agile methodologies has “broken” traditional approaches to application security.
The independent global survey, which spoke to around 700 CISOs from large firms, found that 89% of respondents believe that cloud-related technologies such as microservices, containers, and Kubernetes have caused application security ‘blind spots’.
Additionally, data showed that nearly two-thirds (63%) of CISOs believe DevOps and agile development have made it “more difficult” to detect and manage software vulnerabilities.
“Pressures to make code live and not having the right tools and processes to ensure code is vulnerability-free for cloud-native apps have worsened these issues,” according to software intelligence company Dynatrace, which announced the findings.
Around 68% of respondents agreed that the volume of cloud alerts makes it “very difficult to prioritise vulnerabilities” based on risk and impact. On average, security teams need to react to 2,169 new alerts of potential application security vulnerabilities each month, but only 42% of them need action, as the rest are false positives.
Commenting on the data, Founder and Chief Technology Officer at Dynatrace Bernd Greifeneder said: “The increased use of cloud-native architectures has fundamentally broken traditional approaches to application security.
“This research confirms what we’ve long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today’s dynamic cloud environments and rapid innovation cycles.”
Almost three quarters (74%) of CISOs agree that traditional security controls such as vulnerability scanners “no longer fit today’s cloud-native world”. Additionally, 71% admit they are not fully confident code is free of vulnerabilities before going live in production.
“Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery and polyglot software development which uses an ever-growing number of third-party technologies.
“Already stretched teams are forced to choose between speed and security, exposing their organisations to unnecessary risk.”
Proofpoint’s Voice of the CISO 2021 Report, released in May, reveals that two-thirds of global CISOs currently feel unprepared to cope with a cyberattack if one were to occur.
According to data from the research, 58% of CISOs said that human error within their organisation is currently the biggest cyber vulnerability as a hybrid workforce presents new challenges for cybersecurity teams.
Greifeneder continued: “As organisations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time ‘snapshots’.”
Last year saw a huge increase in the use of cloud-based services, driven by lockdown restrictions and the move to remote working. During the first quarter of 2020 alone, spending on cloud infrastructure is estimated to have risen 37% to $29 billion.
However, security experts have said they are now dealing with unprecedented cloud security concerns, with many saying they are finding it increasingly difficult to deal with potential threats due to limited available security tools.
Check Point’s 2020 Cloud Security Report revealed a perception that current security tools offer only limited protection as cloud environments become more complex.