Security pros expect serious data breaches in the cloud
Among cybersecurity and engineering professionals, only one in five avoided incidents in the previous year.
Organizations that deploy and invest in more cloud infrastructure are faced with persistent cloud security challenges due to the perception of growing risk amid common occurrences.
A survey of 400 cloud engineers and security professionals found that misconfiguration and data breaches were the most common security incidents. The survey was conducted by Propeller Insights in the second quarter of 2022 on behalf of Snyk.
One in five respondents did not report any major cloud security incidents. In contrast, a quarter of professionals said they worry their organization has recently experienced a data breach without them being aware.
The lack of visibility into cloud infrastructure demonstrates the complexity of cloud-native infrastructure for organizations. A majority of respondents cited the increasing complexity of cloud-native architectures and services as a major barrier to cloud security.
The cloud control plane API is potentially open to attack by threat actors if it is made available for cloud development and configuration.
“Every major cloud data breach involves attackers compromising the cloud API control plane for discovery, movement, and extraction,” the report said. In these attacks, multiple resources are exploited through architectural misconfiguration.
The use of containers in the cloud poses additional security risks, according to Snyk. Among respondents using container-based architectures, one in five reported no container-related security issues.
Cloud security efforts are sluggish, resulting in application deployment delays and significant demands on cloud engineers and security teams, according to the report. In a survey of respondents, a lack of understanding of cloud security policies is cited as the number one reason for cloud security failures.