Cloud Security, Security Architecture

Half of security pros say their public clouds were breached during the pandemic

Research by Laminar found half of security pros saying their public cloud environments had a breach during the pandemic. (“Cloud computing comes to NERSC” by Berkeley Lab is marked with CC BY-NC-ND 2.0.)

Research released on Tuesday by Laminar found that 50% of security pros say their public cloud environments experienced a breach in 2020 or 2021.

The survey found that as companies go digital, security teams are managing an increasingly complex multi-cloud environment and are struggling with a lack of visibility, inadequate controls, and a rising shadow data problem. Shadow — or unknown, unmanaged data — has become an issue as both IT and business users can self-provision cloud services and stand up instances for app development and testing.

Among those who say they were breached, 58% say that their cloud data had been knowingly exfiltrated.

The survey results validate that cloud-native application security requires a different approach, including a defense-in-depth strategy to protect data, said Ratan Tipirneni, president and CEO of Tigera. Tipirneni said traditional security is not enough for cloud-native applications because of their larger attack surface, heightened risk of lateral movement, and complex compliance needs.

“Because of their distributed cloud infrastructure, these applications are exposed to a multitude of attack vectors,” Tipirneni said. “As a result, compromises and zero-day threats can more easily go undetected, and there’s a constant threat of data exfiltration. Security and DevOps teams are getting overwhelmed and are struggling to mitigate risks.”

Davis McCarthy, principal security researcher at Valtix, added that defense in-depth has been an afterthought for many organizations and it’s starting to catch up to them.

“If there’s a public web application hosted in the cloud, WAF and IDS/IPS are still industry standards for mitigating threats,” McCarthy said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.