Research by Laminar found half of security pros saying their public cloud environments had a breach during the pandemic. ("Cloud computing comes to NERSC" by Berkeley Lab is marked with CC BY-NC-ND 2.0.)

Research released on Tuesday by Laminar found that 50% of security pros say their public cloud environments experienced a breach in 2020 or 2021.

The survey found that as companies go digital, security teams are managing an increasingly complex multi-cloud environment and are struggling with a lack of visibility, inadequate controls, and a rising shadow data problem. Shadow — or unknown, unmanaged data — has become an issue as both IT and business users can self-provision cloud services and stand up instances for app development and testing.

Among those who say they were breached, 58% say that their cloud data had been knowingly exfiltrated.

The survey results validate that cloud-native application security requires a different approach, including a defense-in-depth strategy to protect data, said Ratan Tipirneni, president and CEO of Tigera. Tipirneni said traditional security is not enough for cloud-native applications because of their larger attack surface, heightened risk of lateral movement, and complex compliance needs.

“Because of their distributed cloud infrastructure, these applications are exposed to a multitude of attack vectors,” Tipirneni said. “As a result, compromises and zero-day threats can more easily go undetected, and there’s a constant threat of data exfiltration. Security and DevOps teams are getting overwhelmed and are struggling to mitigate risks.”

Davis McCarthy, principal security researcher at Valtix, added that defense in-depth has been an afterthought for many organizations and it’s starting to catch up to them.

“If there’s a public web application hosted in the cloud, WAF and IDS/IPS are still industry standards for mitigating threats,” McCarthy said.