Why companies continue to struggle with cloud visibility – and code vulnerabilities – CloudTech News

2 minutes, 12 seconds Read

James has more than a decade of experience as a tech journalist, writer and editor, and served as Editor in Chief of TechForge Media between 2017 and 2021. James was named as one of the top 20 UK technology influencers by Tyto, and has also been cited by Onalytica, Feedspot and Zsah as an influential cloud computing writer.

.pp-multiple-authors-boxes-wrapper {display:none;}
img {width:100%;}

A new report from the Cloud Security Alliance (CSA) has thrown up more difficulties organisations are facing in security remediation – and achieving visibility from code to cloud.

The report, produced in collaboration with security firm Dazz, polled just over 2,000 IT and security professionals to better understand current cloud environments and security tools. The results were less than confident.

Less than a quarter (23%) of organisations polled reported full visibility in their cloud environments. Around two thirds (63%) of those polled consider duplicate alerts either a moderate or significant challenge, while a similar number (61%) use anywhere between three and six different detection tools.

At code level, just under two in five (38%) of those polled said that between 21% and 40% of their code contains vulnerabilities. 4% said more than 80% of their code was vulnerable, while only just over a quarter (27%) of respondents were confident in the security of at least 80% of their code.

The report also found that more than half of the vulnerabilities addressed by organisations tended to recur within a month of being remediated. The causes for such reoccurrences are myriad; the report noted limited resources, insufficient expertise, as well as the ‘inherent complexity’ of vulnerabilities as possible factors.

Manual overhead is considered another issue. The report noted general inefficiencies with organisational practices, with initial phases of vulnerability management ‘appear[ing] to consume a disproportionate amount of time.’ Three quarters of organisations analysed said they had security teams spending at least 20% of their time performing manual tasks when addressing alerts. The report added that lack of definition in roles could be a symptom, while automation in remediation processes was currently underutilised.

In total, more than 70% of organisations polled said they had either limited or moderate visibility from code to cloud.

“As cybersecurity threats evolve, organisations must adapt by seeking better visibility into their code to cloud environment, identifying ways to accelerate remediation, strengthening organisational collaboration, and streamlining processes to counter risks effectively,” the report concluded.

You can read the full report by visiting the CSA website (pdf).

Photo by Pixabay

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , ,

This post was originally published on the 3rd party site mentioned in the title of this this site

Similar Posts