Snyk
By Drew Wright
Cloud computing has created the biggest shift in the IT industry during the last 20 years. With cloud technology, companies can build, deploy, and scale their applications faster than ever. But as cloud computing becomes more widespread, new security challenges have emerged — attackers have access to a bigger attack surface than they did even a few years ago.
Snyk recently conducted research to assess the impact cloud security has on organizations and the challenges teams face in trying to secure cloud infrastructure while still deploying at scale. The research findings are summarized in the 2022 Snyk State of Cloud Security Report. The report is based on a survey by Propeller Insights, polling more than 400 cloud engineering and security practitioners and leaders across various organization types and industries. It examines how engineers and security professionals secure cloud applications and infrastructure while still deploying quickly.
Statistics from the report reveal the following insights:
Of survey respondents, 42% of cloud engineers say that their team is responsible for cloud security, but only 19% of security professionals believe that to be the case. Securing cloud resources requires coordinated effort across teams. Having security responsibilities well-understood and well-defined helps companies work effectively to keep their cloud environments safe from attacks.
77% of organizations surveyed feel that many of today's cloud security failures result from a lack of effective cross-team collaboration and training. When different teams use different tools or frameworks, ensuring consistent output and policy enforcement is challenging. Insufficient tooling that produces false positives can lead to alert fatigue on security teams, contributing to human error when critical issues need fixing.
Survey data also shows that 55% of organizations are leveraging infrastructure as code (IaC) for better security pre-deployment. Not only does infrastructure as code help teams operate more efficiently and consistently at scale; it helps teams shift left on cloud security even before applications are deployed. Poll data shows that using IaC reduces cloud misconfiguration issues by 70%.
Developers and engineers working with cloud infrastructure are constantly building, iterating, and deploying. They rewrite code and make configuration changes often. But many changes that occur during the software development lifecylce can open up a project to the risk of attack. Knowing the risks of cloud infrastructure, and empowering teams with tools and policies to protect them from those risks, delivers measurable results. A developer-first approach to cloud security helps organizations innovate faster and more securely, with benefits that extend far beyond just fixing vulnerabilities.
Drew Wright
Snyk