The Cloud Security Alliance (CSA), a leading organisation dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, has released its report, Deconstructing Application Connectivity Challenges in a Complex Cloud Environment. The survey, conducted in partnership with AlgoSec, sought to better understand the industry’s knowledge, attitudes and opinions regarding application connectivity security in the cloud.
“Increasingly, organisations are taking advantage of SaaS applications to the point where application security has become an integral part of security strategies,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report. “Despite their growing prevalence, organisations are still faced with a host of pain points when it comes to application connectivity security and risk management.”
The key findings included:
- Managing risk for application connectivity is a complicated task. Lacking a single source of truth, organisations are trying to use multiple methods to get similar information: 53% of respondents reported using a cloud provider’s assessment service; 50% use a third-party cloud-only tool; another 45% use a generic risk or vulnerability assessment tool; and 32% use a third-party hybrid network security tool.
- Managing application connectivity risks in the deployment process is changing. Traditional security teams are responsible for identifying and mitigating risk – which still holds true for 42% of organisations. However, there is a shift happening: just 32% of organisations utilise Infrastructure as Code (IaC) with embedded security checks, suggesting organisations are beginning to use more automation, leaving less room for human error.
- Human error leads to significant application downtime. Nearly 75% of organisations have experienced an application outage in the past 12 months, and for over half (52%) of the outages, operational human error and mismanagement were the cause – unsurprising, given the skills gap that has plagued the information security industry.
“As cloud-native business applications become the standard for business transformation and innovation, the need to incorporate security into the DevOps process is paramount,” said Jade Kahn, Chief Marketing Officer, AlgoSec. “However, cumbersome security processes and lack of visibility are slowing applications’ time-to-market and compromising security in this new paradigm. This research underscores the importance of identifying risk early in the DevOps process and aligning all stakeholders around risk and compliance gaps from the start.”