Findings from our annual State of the Software Supply Chain report, which looks at the use of open source software development, told us two main things:
These trends, which we'll be expanding on even further in our 2021 report out this fall, also reminded us these phenomenon are affecting the entire software industry, not just open source. Particularly, enterprises are struggling to react to the greater scale and complexity as they move to the cloud. Whether from hybrid environments with both cloud and on-premise infrastructure, or 100% cloud-native development, the industry is finding growing risk goes hand in hand with increased innovation. Today, we take a closer look at the state of cloud security for ourselves and our customers.
Partnering with the research team at Fugue, a leading cloud security provider, we surveyed over 300 professionals including cloud engineers, security engineers, DevOps, and cloud architects. The result is our State of Cloud Security 2021 report.
We know that misconfigurations are the #1 reason for cloud data breaches, but our survey uncovered just how prevalent these misconfigurations are:
We also know that, as Infrastructure as Code (IaC) tools like Terraform become more mainstream, cloud security teams need to address the entire software development life cycle (SDLC). Shifting left in this space means catching vulnerabilities in cloud development before they are deployed to production. Yet our survey found that one in five cloud engineers are not using any sort of scanning tools to check IaC pre-deployment. Among those that are, half of those say their teams are investing 50 or more engineering hours per week on IaC security, with cloud runtime security seeing a similar level of effort.
So what are some of the other common challenges to cloud adoption? What do cloud professionals say they need to better secure their environment? Most importantly, what can your team do to ensure your cloud architecture is safe and secure, along with the data and applications that are running on it?
Download your copy of the State of Cloud Security 2021 report (PDF format) to learn more.