Cloudy, with a chance of complexity.
How cloud complexity affects security.
A study by Venafi has found that 81% of organizations have sustained a cloud-related security incident within the past twelve months, while 45% experienced four incidents over the past year:
“The underlying issue for these security incidents is the dramatic increase in security and operational complexity connected with cloud deployments. And, since the organizations in this study currently host two fifths (41%) of their applications in the cloud but expect increase to 57% over the next 18 months, this complexity will continue to increase.”
Kevin Bocek, Venafi’s vice president of security strategy and threat intelligence, stated, “Attackers are now on board with business’ shift to cloud computing. The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.”
Bocek added that part of the problem is a lack of consensus on who is responsible for the security of cloud-based applications: “Security teams want to collaborate and share responsibility with the developers who are cloud experts, but all too often they’re left out of cloud security decisions. Developers are making cloud native tooling and architecture decisions that decide approaches to security without involving security teams. And we can already see the results of that approach: Security incidents in the cloud are rapidly growing.”