Organizations are having difficulty detecting, containing and resolving cloud cyber threats in a timely manner, with 90% being unable to work as fast as threat actors, according to new research from Palo Alto Networks.
The Santa Clara, Calif.-based cybersecurity giant surveyed more than 2,500 executives around the world, and found that expansion of hybrid work and growing use of the cloud is putting pressure on software developers to produce more quickly. This is leading to more vulnerable applications and burnt-out security professionals.
The research, the 2023 State of Cloud-Native Security Report, finds that threat actors are working just as fast–if not faster than–as developers to take advantage of cloud vulnerabilities, which puts more emphasis on the ability to detect threats more quickly and close any security gaps.
The report also found that organizations continue to struggle with comprehensive security, compliance and the technical complexity of moving to and securing the cloud. Nearly 80% of organizations say they have distributed responsibility for cloud security to individual teams, but almost half say a majority of their workforce does not understand their own security responsibilities, according to Palo Alto Networks.
More companies are also encouraging a deeper level of engagement between application developers and security tools and teams, with 81% of respondents saying they have embedded security professionals inside their DevOps teams. This is designed to help prevent introducing vulnerabilities in the development process that could compromise an entire application later on.
Further, about 75% of organizations are deploying new or updated code to production weekly, and about 40% are committing new code daily, which can lead to overlooking the security of cloud workloads, says Ankur Shah, senior vice president of Prisma Cloud at Palo Alto Networks.
“As cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments,” Shah says.
The report also finds that organizations are struggling to identify which security tools they need, and the average organization is using more than 30 security tools, of which at least six are dedicated to cloud security.
Cloud Security Recommendations
Palo Alto Networks’ report includes a set of five recommendations to help organizations achieve cloud security, including:
- Embedding security earlier in the application lifecycle
- Implementing continuous cloud visibility
- Adopting threat prevention techniques
- Aligning cybersecurity policies with cloud migrations
- Consolidating security tools
