At a time when the world is increasingly moving towards software development across complex cloud environments, a new report indicates the security threats behind every such move and highlights seven specific ones that business heads should be aware of. Of course, it goes without saying that AI-generated code is at the top of this list.
The report, generated by Palo Alto Networks via a survey of more than 2,800 cloud security and DevOps professionals spread across ten countries and five industry verticals, notes that on an average there are 12 cloud service providers that handle the application deployments within an enterprise.
While this shows interoperability in a favourable light, the report also notes a larger trend of increasing spends on cloud with half of the companies surveyed stating that they earmarked more than $10 million annually on cloud services. However, the State of Native Cloud Security Report 2024 (download your copy here) also notes the need for simplification.
Gen AI and its impact on cloud security
Generative AI is a ground-breaking force that puts organizations at the intersection of innovation and risk, requiring them to navigate unimaginable challenges and opportunities, the report says. The need for simplification and consolidation rises as organizations on average have 16 cloud security tools.
As many as 98% of the respondents highlighted the criticality of reducing the number of security tools with 90% saying that the number of such point tools used by them creates blind spots that affect effective prioritization and threat prevention measures. It also highlights the conflict between DevOps and Security Ops when it comes to development with security.
A substantial 84% of the respondents from the first segment felt that security processes were causing delays to their project timelines with 86% actually claiming that security became a gating factor that delayed software releases. The Security Ops team felt that rigid time-to-market schedules resulted in compromised security with 71% attributing it as a key cause for increased vulnerabilities.
The seven deadly challenges
The report further noted that the cloud security concerns were wide, varied and far-reaching in view of the breadth and depth of the industries they focused on and the geographies that it has been spread across. However, if the entire data were to be crunched, there are seven top concerns that most respondents listed out. They are:
- AI-generated code was something that 44% of enterprises were concerned about as these could generate unforeseen vulnerabilities. Lack of human oversight in autonomous software creation could also lead to undetected security flaws, while rapid deployment of AI-led code could outstrip traditional security testing methods and leave vulnerabilities open.
- API risks were shared as a major risk by 43% of the respondents with unauthorized access, sensitive data exposure together capable of opening up vulnerabilities and exposing the business to cyberattacks.
- AI-powered crime was another factor to which 38% of the organizations were aware, with some noting that the weaponization of AI wasn’t part of science fiction anymore. This threat would make it tougher for security organizations to plan for and defend against.
- Poor access management was something that 35% of the respondents felt strongly about and felt that enterprises should overcome the challenges of who can access what within the cloud as a top priority that could be built into systems via access management initiatives.
- Continuous integration and delivery was another area where 34% of the respondents felt could impact on the attack surface. The pipeline’s impact on the attack surface is crucial and could potentially introduce vulnerabilities that get deployed into production quickly.
- Insider threats was something that 32% of the respondents were wary of and this list included business partners, third-party vendors, contractors and employees, especially in the wake of growing work-from-home instances across multiple industries.
- Unknown and unmanaged assets was something that could result in a gap in asset management and visibility, leading to vulnerabilities and future security breaches. In fact, nearly a third of the respondents felt that this was something enterprises should be aware of and respond to without further ado.
This post was originally published on the 3rd party site mentioned in the title of this this site