100 percent of companies experience public cloud security incidents
A new study from threat detection and response specialist Vectra AI finds that all respondents have experienced at least one security incident in their public cloud environment in the last 12 months.
The study of over 300 IT executives, with 70 percent coming from enterprises with more than 1,000 employees, shows a rapid expansion and reliance on AWS services while simultaneously pointing up security blind spots within many organizations.
Among the findings are that 64 percent of DevOps respondents are deploying new workload services weekly or even more frequently. 78 percent of organizations are running AWS across multiple regions (40 percent in at least three), and 71 percent of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc).
All of this has led to more complexity and with it risk. The study uncovers a number of security blind spots, 30 percent of organizations surveyed have no formal sign-off before pushing to production, while 40 percent of respondents say they don't have a DevSecOps workflow. In addition 71 percent of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers.
"Securing the cloud with confidence is nearly impossible due to its ever-changing nature," says Matt Pieklik, senior consulting analyst at Vectra. "To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness."
On a positive note over half of the companies surveyed report double-digit security operations center (SOC) headcounts, showing a significant investment in keeping their organizations secure.
The full report is available from the Vectra site.