The State of
Cloud-Native Security
Report 2024
Generative AI is a groundbreaking force that puts organizations at the intersection of innovation and risk, requiring them to navigate unimaginable challenges and opportunities.
The State of Cloud-Native Security Report 2024, "the fourth annual report,“ aims to help organizations make the most of this cloud security transformation by revealing the trends and insights gleaned from discussions with more than 2,800 cloud security and DevOps professionals in 10 countries and five sectors of industry. Read on to learn more about how your peers are dealing with all the changes that are taking place.
The State of Cloud-Native Security Report 2024
The largest, most globally expansive market research on cloud-native security.
AI: Attack Vector or Accelerator?
As AI continues to develop, only one thing is certain: it will be weaponized. That’s why 38% of organizations rank AI-powered attacks as their top concern in 2024, and 43% predict that AI-powered threats will become a common threat vector.
Security Risks with AI-Generated Code
AI-powered attacks are only half the problem. Forty-four percent of organizations are equally worried about risks related to AI-generated code and rightfully so. Autonomously created software and the rapid pace of AI-generated code development increase the likelihood of undetected security flaws and tax traditional security testing methods.Embracing the Unknown
Despite expressing a healthy dose of fear and caution when faced with AI, organizations are optimistic. All survey respondents plan to embrace AI-assisted coding, and will tailor their security approach to account for it.Balancing Tools, Vendors and Needs
It’s no secret that cloud environments get complex very quickly. Respondents use an average of 12 cloud service providers and 16 cloud security tools—no wonder. 98% of them expressed a need for simplification and consolidation and emphasized the importance of reducing the number of security tools in use.
Although complexity has been a recurring theme in “The State of Cloud-Native Security Report,” there’s been little progress in eliminating it. The number of tools dedicated to cloud security has increased 60% from last year.
Although complexity has been a recurring theme in “The State of Cloud-Native Security Report,” there’s been little progress in eliminating it. The number of tools dedicated to cloud security has increased 60% from last year.
Data Protection in Fragmented Ecosystems
Data security is a big challenge for many organizations, with 50% conducting manual reviews to identify and classify sensitive data within the cloud. This is a problem, not just because manual reviews are time-consuming, error-prone and often incomplete, but because manual reviews result in gaps in data protection, leaving organizations vulnerable to breaches.
To make matters worse, 98% of organizations store sensitive data across multiple environments. More than half of survey respondents blame this complexity for the challenges of monitoring and controlling sensitive information and 48% claim that data protection is inadequately performed.
Year-over-year increases in security incidents were seen across the board. Nearly 50% of organizations reported an increase in downtime due to misconfiguration, compliance violations and insecure APIs (43% of organizations rank API risks as their No. 1 security concern) while 64% of organizations saw a rise in data breaches.
To make matters worse, 98% of organizations store sensitive data across multiple environments. More than half of survey respondents blame this complexity for the challenges of monitoring and controlling sensitive information and 48% claim that data protection is inadequately performed.
Security Incidents on the Rise
Because data is often spread across cloud environments, the attack surface of most organizations is vast. When coupled with a lack of comprehensive visibility, which increases opportunities for insider threats, it’s no surprise that 45% of respondents are seeing a rise in advanced persistent threats (APTs).Year-over-year increases in security incidents were seen across the board. Nearly 50% of organizations reported an increase in downtime due to misconfiguration, compliance violations and insecure APIs (43% of organizations rank API risks as their No. 1 security concern) while 64% of organizations saw a rise in data breaches.
Addressing Collaboration Starts at the Top
Conflict between cloud security and application development is likely to always exist and the results of this year’s report support that. Participants were vocal about the challenges they face, with 84% attributing delays with their project timelines to security processes, 83% viewing security as a burden, and 79% claiming their employees frequently ignore or work-around security processes.
And what about the 71% of organizations that report vulnerabilities resulting from rushed deployments? Most (92%) blame inefficient development and deployment and 71% blame stress, with 93% of respondents citing high turnover rates.
The Backlog and the Blame Game
Because developers are compelled to deliver new features, updates and bug fixes as quickly as possible in order to meet business goals, security tickets pile up, go-to-market dates get missed, and a culture of scapegoating persists. Feedback on this issue was predictably divided—86% blame security for hindering software releases while 91% say developers need to produce more secure code.And what about the 71% of organizations that report vulnerabilities resulting from rushed deployments? Most (92%) blame inefficient development and deployment and 71% blame stress, with 93% of respondents citing high turnover rates.
Risks, Realities and Cloud Security Strategies
Tooling issues represent a big challenge when it comes to resolving security bugs and vulnerabilities. It impacts the development process for 40% of survey respondents, with 33% of security practitioners attributing legacy security tools to their inability to stay on top of threat vectors and citing alert noise as the cause of resolution delays.
It’s because of these challenges that the overarching themes of efficiency and effectiveness were such a major focus. More than 90% of respondents claim that the number of point tools they use create blind spots that make it hard to prioritize risk and prevent threats. A further 88% struggle to identify what security tools they need. Thankfully, teams were clear on what capabilities they need. Nearly 95% want a solution that provides immediate remediation steps and nearly as many agree that they’d benefit from a solution that automatically finds interconnected vulnerabilities and misconfigurations with the highest potential of a successful attack.
It’s because of these challenges that the overarching themes of efficiency and effectiveness were such a major focus. More than 90% of respondents claim that the number of point tools they use create blind spots that make it hard to prioritize risk and prevent threats. A further 88% struggle to identify what security tools they need. Thankfully, teams were clear on what capabilities they need. Nearly 95% want a solution that provides immediate remediation steps and nearly as many agree that they’d benefit from a solution that automatically finds interconnected vulnerabilities and misconfigurations with the highest potential of a successful attack.