Calamu: The Next Generation of Data Protection
Aqua Security, the leading pure-play cloud native security provider, has announced the results of a new study which reveals that UK organisations have a long road ahead when it comes to understanding, planning and deploying their cloud native security strategies.
The survey was conducted at Cloud Expo Europe in March 2022 and gathered insights from 100+ cloud professionals who attended the event. The results show a clear disconnect between the number of cloud native applications deployed within organisations, and the way in which those applications are secured.
Around a third of respondents stated that between 50-75 percent of their apps are cloud native, yet 20 percent have no cloud native security strategy in place. Nearly 70 percent (68.3 percent) of respondents also admit that they are not familiar with the term CNAPP (Cloud Native Application Platform Protection), the cloud native security concept introduced by analyst firm, Gartner.
Paul Calatayud, CISO at Aqua Security said, “As more and more applications are built and run in the cloud, it’s no surprise that we’re seeing threat actors shift their focus to target cloud native environments. This demands a new approach to security. Many organisations in the UK are beginning to understand that cloud native security is not just a ‘nice to have’, but there is a clear need for more education in the UK and beyond.”
Prioritisation and Knowledge Gaps
When asked about their overall cybersecurity priorities, nearly a third of UK firms (29.8 percent) said that cloud native application security is a critical cloud security priority – more important than SaaS Apps (20.2 percent) and Identity & Access Management (28.8 percent). However, despite this nearly half of respondents (44 percent) rely on ‘free’ security offerings from their cloud providers which do not deliver the visibility and control needed to minimise cloud native application risk.
When questioned about worries they had relating to cloud native security, 49 percent said their limited understanding of the risks, and lack of knowledge were among the highest areas of concern. Other areas of concern included limited or no budget (53 percent), integration with existing tools and insufficient staffing (both at 42.3 percent).
Risk Perception and Responsibility
Respondents’ overall lack of awareness about cloud native security is underpinned by the fact that less than a third of respondents (32.7 percent) consider cloud misconfigurations to be their biggest security concern. Malware attacks (54 percent), social engineering and phishing attacks (56.7 percent) and insider threats (32.9 percent) were considered riskier.
When it comes to who is responsible for cloud native security within an organisation, the majority (55.8 percent) stated that this sits with the IT security teams. Only around a fifth of respondents (20.5 percent) attributed cloud native responsibility to DevOps and Security combined teams.
Calatayud said, “Questions around risks and responsibility illustrate the confusion around cloud native. It is projected that cloud native will support more than 90 percent of new digital initiatives by 2025, so we’re at a critical point where cloud native security must be prioritised by both the security and DevOps teams. Traditional tools are simply not effective, and organisations must seek out solutions that will stop cloud native attacks at every level.”
Our five key takeaways, at a glance:
Around a third of respondents say between half and three quarters of their apps are cloud native, yet 20 percent have no cloud native security strategy in place
Nearly half (44 percent) rely on ‘free’ offerings from their cloud providers
Nearly a third (29.8 percent) said that cloud native application security is a critical cloud security priority
49 percent said their limited understanding of the risks, and lack of knowledge were among the highest concerns relating to cloud native security
Less than a third of respondents consider cloud misconfiguration to be their biggest cyber security risk