Around a third of companies say that between 50-75% of their apps are cloud native, yet 20% have no cloud native security strategy in place.
This is according to a study by Aqua Security, which also found that 68.3% of respondents to its survey also admit that they are not familiar with the term CNAPP (Cloud Native Application Platform Protection), the cloud native security concept introduced by analyst firm, Gartner.
Paul Calatayud, CISO at Aqua Security, said: “As more and more applications are built and run in the cloud, it’s no surprise that we’re seeing threat actors shift their focus to target cloud native environments. This demands a new approach to security. Many organisations in the UK are beginning to understand that cloud native security is not just a ‘nice to have’, but there is a clear need for more education in the UK and beyond.”
When asked about their overall cybersecurity priorities, nearly a third of UK firms (29.8%) said that cloud native application security is a critical cloud security priority – more important than SaaS Apps (20.2%) and Identity & Access Management (28.8%). However, despite this nearly half of respondents (44%) rely on ‘free’ security offerings from their cloud providers which do not deliver the visibility and control needed to minimise cloud native application risk.
When questioned about worries they had relating to cloud native security, 49% said their limited understanding of the risks, and lack of knowledge were among the highest areas of concern. Other areas of concern included limited or no budget (53%), integration with existing tools and insufficient staffing (both at 42.3%).
Respondents’ overall lack of awareness about cloud native security is underpinned by the fact that less than a third of respondents (32.7%) consider cloud misconfigurations to be their biggest security concern. Malware attacks (54%), social engineering and phishing attacks (56.7%) and insider threats (32.9%) were considered riskier.
When it comes to who is responsible for cloud native security within an organisation, the majority (55.8%) stated that this sits with the IT security teams. Only around a fifth of respondents (20.5%) attributed cloud native responsibility to DevOps and Security combined teams.
Calatayud said: “Questions around risks and responsibility illustrate the confusion around cloud native. It is projected that cloud native will support more than 90 percent of new digital initiatives by 2025, so we’re at a critical point where cloud native security must be prioritised by both the security and DevOps teams. Traditional tools are simply not effective, and organisations must seek out solutions that will stop cloud native attacks at every level.”
Want to learn more about cloud and cyber security from industry leaders? Check out Cyber Security & Cloud Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.