A recent study conducted by the Cloud Security Alliance (CSA) has revealed the challenges that organizations are facing in security remediation and achieving visibility from code to cloud.
The report, developed in partnership with security company Dazz, surveyed over 2,000 IT and security professionals to gain insights into current cloud environments and security tools. The findings were less than reassuring.
Only 23% of organizations surveyed claimed to have full visibility in their cloud environments. A majority of respondents (63%) viewed duplicate alerts as a significant challenge, with 61% using between three and six different detection tools.
Regarding code security, almost 38% of respondents stated that 21-40% of their code contains vulnerabilities. Additionally, 4% reported that over 80% of their code was vulnerable, while just 27% were confident in the security of at least 80% of their code.
The study also found that more than half of the vulnerabilities addressed by organizations tended to reappear within a month of being resolved. Factors contributing to this recurrence included limited resources, lack of expertise, and the inherent complexity of vulnerabilities.
Manual processes were identified as a significant issue, with many organizations spending a considerable amount of time on initial vulnerability management tasks. Three quarters of organizations reported that security teams spent at least 20% of their time on manual tasks when addressing alerts.
Overall, over 70% of organizations indicated that they had limited or moderate visibility from code to cloud.
The report concluded by emphasizing the need for organizations to enhance visibility, accelerate remediation, improve collaboration, and streamline processes to effectively mitigate risks in the evolving cybersecurity landscape.
You can access the full report on the CSA website (pdf).
Photo by Pixabay
If you’re interested in learning more about cybersecurity and the cloud from industry experts, consider attending the Cyber Security & Cloud Expo events in Amsterdam, California, and London. Explore additional enterprise technology events and webinars powered by TechForge here.
