Intelligent CISO Issue 59 | Page 55

New study examines application connectivity security in the cloud

The Cloud Security Alliance (CSA), a leading organisation dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, has released its report, Deconstructing Application Connectivity Challenges in a Complex Cloud Environment. The survey, conducted in partnership with AlgoSec, sought to better understand the industry’s knowledge, attitudes and opinions regarding application connectivity security in the cloud.

“Increasingly, organisations are taking advantage of SaaS applications to the point where application security has become an integral part of security strategies,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report. “Despite their growing prevalence, organisations are still faced with a host of pain points when it comes to application connectivity security and risk management.”
The key findings included:
• Managing risk for application connectivity is a complicated task. Lacking a single source of truth, organisations are trying to use multiple methods to get similar information: 53% of respondents reported using a cloud provider’s assessment service; 50% use a third-party cloud-only tool, another 45% use a generic risk or vulnerability assessment tool and 32% use a third-party hybrid network security tool.
• Managing application connectivity risks in the deployment process is changing. Traditional security teams are responsible for identifying and mitigating risk – which still holds true for 42% of organisations. However, there is a shift happening: just 32% of organisations utilise Infrastructure as Code (IaC) with embedded security checks, suggesting organisations are beginning to use more automation, leaving less room for human error.
• Human error leads to significant application downtime. Nearly 75% of organisations have experienced an application outage in the past 12 months and for over half (52%) of the outages, operational human error and mismanagement were the cause – unsurprising, given the skills gap that has plagued the information security industry.
“As cloud-native business applications become the standard for business transformation and innovation, the need to incorporate security into the DevOps process is paramount,” said Jade Kahn, Chief Marketing Officer, AlgoSec. “However, cumbersome security processes and lack of visibility are slowing applications’ time-to-market and compromising security in this new paradigm. This research underscores the importance of identifying risk early in the DevOps process and aligning all stakeholders around risk and compliance gaps from the start.”