One well-established impact of COVID has been the acceleration of organisations’ digital transformation plans and the adoption of cloud-based infrastructure. In many cases, the adoption of public cloud infrastructure, as well as other cloud-native applications, such as containers, virtual machines and APIs, has created an increasingly disparate environment over which security leaders have to maintain visibility.
As a result, cyber criminals are directing their activities towards cloud-native apps and infrastructure. In a recent survey of 383 IT and security professionals, conducted by ESG for CrowdStrike, just 12 per cent said they hadn’t experienced a cloud-based cyber incident in the past year.
Uncovering the cloud visibility gap
According to the survey, the biggest worry for cyber professionals is maintaining visibility over this new environment; 47 per cent reported that they had challenges maintaining security consistency between the data centre and the public cloud environments where cloud-native applications are deployed, while 30 per cent reported a lack of visibility into the public cloud infrastructure hosting cloud-native applications.
These challenges are exacerbated by a poor understanding of the threat model for cloud-native applications and infrastructure (noted by 31 per cent).
Awareness of the cloud security visibility gap has grown because of a number of factors, chief among them being the increase in privileged cloud credential compromises. Poor attention to identity and access management (IAM) often leads to attackers targeting accounts with excessive permissions and threat actors gaining access to services due to open ports.
When asked what the most common cloud misconfigurations were in the last 12 months, the most common answer given was having a default or no password required for access to management consoles (30 per cent). As the cloud environment has grown, it's no wonder then that poor identity practices have provided weak points for opportunistic attackers.
Directing spending to close the gap
Already, DevOps, IT Ops and security teams are heavily involved when it comes to the selection and procurement of cloud-native security controls, but with different types of cloud-native controls needed for different layers of the stack and life cycle stages, these teams are increasing their role in selection and procurement, according to the study.
Among the top spending priorities to improve cloud visibility are cloud security posture management solutions (38 per cent) and endpoint detection and response (EDR) capabilities for cloud-resident workloads (36 per cent). In addition, many respondents cited the need for technologies that provide an audit trail for privileged user and service account activity and the ability to identify workload configurations that are out of compliance with industry best practices and regulatory frameworks.
The research also showed that these teams are looking to keep control of the growth in distributed, cloud-native apps by adopting a centralised, integrated security approach and investing in automation. Forty-one per cent of those surveyed said that automating the introduction of controls and processes via integration with the software development lifecycle and continuous integration and continuous delivery (CI/CD) tools was a top priority. This automation will enable organisations to keep pace with the elastic, dynamic nature of cloud-native applications and infrastructure.
This fact makes the ability to integrate cloud-native security controls with the tools that manage the software development lifecycle (SDLC) — including the CI/CD stages — a must-have.
Keeping pace
Of course, embracing cloud-native applications and architecture enables businesses to combine the cloud’s inherent flexibility with cloud-based technologies to increase their speed-to-market and unlock efficiencies.
Having been pushed by COVID to accelerate their digital transformation plans, organisations are now unlikely to slow down in their adoption of broader infrastructure-as-a-service and platform-as-a-service solutions.
The research suggests that keeping pace with this rapid growth will require continued investment in protecting identity weak points, in cloud-native endpoint detection and response technologies, and in centralised and integrated security controls. Perhaps most of all, however, security teams must continue to integrate with IT, DevOps and the wider business leadership to ensure cloud visibility gaps remain closed.
David Puza is the senior product marketing leader, cloud security at CrowdStrike