Image Credit: Shutterstock

Cloud technology has expanded the attack surface well beyond the confines of the traditional network. Today, cloud security is not only protecting a handful of resources, rather it is maintaining complete visibility over what third-party services and applications are processing or storing sensitive information and developing apps with minimal code issues.

Unfortunately, few organizations are living up to these standards. 

New research released today by security provider, Snyk, found that 80% of organizations have experienced at least one serious cloud security incident in the past year, including data breaches, data leaks and intrusions. 

These new findings highlight that enterprises need to completely re-evaluate how they protect data stored and processed in the cloud. Which means casting off outdated legacy approaches to code development. 

Pinning down cloud security 

It’s no secret that cloud security is a challenge. Research shows that 78% of organizations claim traditional security solutions either don’t work at all or have limited functionality in cloud environments, while 93% are moderately or extremely concerned about the massive skill-shortage of qualified cybersecurity professionals. 

At the same time, 41% of respondents from Snyk’s report say that cloud native services further complicate their security efforts. 

“The widespread adoption of cloud-native application development has enabled modern developers to move faster and increase outputs to meet the demands of today’s enterprise,” said Andrew Wright, the author of Snyk’s cloud security report. “However, new challenges and complexities have emerged as the overall attack surface has expanded and the clear delineation of security responsibilities has blurred.”

Wright added that, “Many of today’s cloud security failures are a result of ineffective cross-team collaboration and team training to address this transformation and ensure security, with 77% of organizations citing this as a major challenge,” he said. “For instance, when different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging.”

The cloud security market 

The good news is that these challenges can be overcome by some strategic changes — infrastructure-as-code (IaC) security delivers a 70% median reduction in cloud misconfigurations. 

With IaC organizations, can provision infrastructure through code rather than administrative processes while using automated code scanning to reduce the chance of misconfigurations and security issues.  

Snyk’s own developer security platform, which helped the organization achieve a valuation of $8.5 billion, provides an alternative approach to cloud security by enabling developers to automatically find and fix vulnerabilities in their code with security intelligence so they can secure the development lifecycle.

Competitors SonarQube also offer a similar approach, providing an open-source platform designed to continuously inspect code for bugs and security issues to prevent developers from producing exploitable cloud apps. 

SonarQube’s parent company SonarSource announced it has raised $412 million in funding and achieved a valuation of $4.7 billion. 

From a development perspective, continuous inspection of code is critical for ensuring that developers can expand cloud environments at pace without leaving potential entry points for threat actors to exploit.