A new report from the Cloud Security Alliance (CSA) lays out the growing difficulties organizations face in security remediation and in achieving visibility from code to the cloud.
Produced in partnership with security firm Dazz, the report surveyed more than 2,000 IT and security professionals to better understand current cloud environments and security tools. The results did not inspire confidence.
Less than a quarter (23%) of organizations surveyed reported full visibility into their cloud environments. About two-thirds (63%) of respondents consider duplicate alerts to be a moderate or major challenge, while a similar number (61%) use three to six different detection tools.
At the code level, less than two-fifths (38%) of respondents said that between 21% and 40% of their code has vulnerabilities. 4% of respondents said that more than 80% of their code is vulnerable, while only a quarter (27%) are confident that at least 80% of their code is secure.
The report also found that more than half of the vulnerabilities resolved by organizations tended to reappear within a month of being fixed. There are many possible reasons for this recurrence. The report cited limited resources, insufficient expertise and the “inherent complexity” of the vulnerability as possible factors.
Manual overhead is considered another issue. The report noted that organizational practices were generally ineffective and that the initial stages of vulnerability management seemed to be taking up a disproportionate amount of time. Three-quarters of organizations surveyed said their security teams spend at least 20% of their time performing manual tasks when handling alerts. The report adds that a lack of role definition may be a symptom, while automation of remediation processes is currently underutilized.
Overall, more than 70% of organizations surveyed said they have limited or moderate visibility from code to the cloud.
“As cybersecurity threats evolve, organizations must adapt by seeking better visibility into code in cloud environments, identifying ways to accelerate remediation, increasing organizational collaboration, and streamlining processes to effectively address risks,” the report concludes.
You can read the full report by visiting the CSA website (pdf).