- A majority of cloud security and engineering professionals expect cloud data breach risks to increase over the next year, according to an annual report on the state of cloud security published Tuesday by Snyk.
- The heightened risk profile is consistent with the data breaches, leaks and intrusions organizations suffered in their cloud environments last year. Four out of five respondents said their organization suffered a serious cloud security incident last year, including breaches, leaks, intrusions, compliance violations, failed audits, system downtime and cryptomining.
- Companies primarily using the cloud to host migrated applications suffered cloud security incidents most often, an experience reported by nearly nine out of 10 professionals surveyed. Serious cloud security incidents also impacted companies hosting third-party apps or building and running in-house apps in the cloud at a rate of at least 70%, the report said.
The perception of growing risk amid common occurrences accentuates the persistent cloud security challenges organizations confront as they deploy and invest in more cloud infrastructure.
System downtime due to misconfiguration and cloud data breaches were the most commonly reported security incidents among the 400 cloud engineers and security professionals surveyed. Snyk commissioned Propeller Insights to conduct the survey during the second quarter of 2022.
Just one out of five respondents reported no major cloud security incidents. However, a quarter of professionals said they worry their organization unknowingly suffered a data breach recently.
This gap in cloud infrastructure visibility underscores the increased complexity organizations encounter in cloud-native infrastructure. Two-fifths of respondents said cloud-native service and architecture adoption inflicts a major impact on cloud security efforts due to additional complexity.
Granting API access to the cloud control plane for cloud development and configuration opens a potentially expansive attack surface for threat actors to target.
“Every major cloud data breach involves attackers compromising the cloud API control plane for discovery, movement and extraction,” the report said. These attacks exploit architectural misconfigurations involving more than one resource.
Containers introduce additional cloud security risks, according to Snyk. One in five respondents that are using container-based architectures reported no container-related security issues.
Lackluster cloud security efforts cause application deployment delays and impose significant demands on cloud engineering and security teams, the report said. Respondents cited a lack of cloud security policy awareness as the leading cause of cloud security failures.