DEVOPSdigest

The 2024 Cloud Security Report from Cybersecurity Insiders and Check Point(link is external) is now available for download(link is external). The new report draws on the experience and perspective of over 800 cloud and cybersecurity professionals to provide a deep look at the current state of cloud security. We asked these industry experts to evaluate the effectiveness of their existing security measures and to report on the adoption of the latest security solutions at their companies. Taken all together, these insights provide a comprehensive view of the big opportunities and persistent challenges of cloud security.

Increase in Cloud Security Incidents

What we know: The 2024 Cloud Security Report illuminates a world of increasing cloud security incidents. 61% of surveyed organizations reported breaches within the last year, with data security breaches specifically emerging as the most common type of issue. In previous years misconfiguration had been the top cloud security issue, but in this latest report configuration issues dropped down to just 12% of reported issues. That is a sign of growing experience in this area of cloud security, but also indicates that increasing usage by companies and increasing attention from malicious actors is increasing the potential threats the cloud faces.

What you can do: To effectively deal with the rising number of incidents and eliminate potential blind spots, it is essential for organizations to embrace a prevention-centric approach. This entails taking proactive security measures rather than reacting to threats as they arise. By harnessing advanced, AI-driven security solutions, organizations can anticipate and thwart potential security breaches before they cause significant harm. This aligns with the broader trend within the industry towards a more preemptive security strategy.

Barriers to Effective Cyber Defense

What we know: Cloud complexity and continual technological changes have resulted in a situation where, in many organizations, cloud security falls on the DevOps teams. Visibility and oversight are limited, and survey respondents identify lack of security awareness and lack of skilled personnel as two of the top barriers standing in the way of effective cyber defense.

What you can do: These signs all point to the need for a structural re-adjustment of security, with advanced training and development, as well as the adoption of consulting and managed services in order to free up resources and better educate existing staff.

Rapid CNAPP + Prevention Adoption

What we know: The report identifies methods organizations are currently using to address the challenges of cloud security. Many respondents see promise in AI-enhanced detection and remediation, which can be especially useful against zero-day threats. More than 50% have either partially or fully implemented a CNAPP (Cloud Native Application Protection Platform) solution, which unifies multiple aspects of cloud security to make it easier to automate processes. 
What you can do: Overall, the data shows that the cloud security world is stretched thin and seeking solutions that can increase the efficiency of their efforts. Limited staffing means that prevention and other automated processes are much more valuable than manual detection and remediation. More alerts are not the answer — instead, efforts should be made to streamline security processes so employee attention can be focused where it will make the most impact.

Investing in a CNAPP platform that incorporates both WAF and network security measures is essential for optimal prevention of potential threats. Unfortunately, many solutions currently available on the market neglect this vital integration, leading to an excessive number of alerts and higher levels of risk.

DOWNLOAD FULL REPORT(link is external)

Methodology: The 2024 Cloud Security Report is the result of perspectives from various tech and security roles, drawn from both small and large companies, across a wide variety of industries. Respondents ranged from IT specialists to the C-Suite, and represented industries including financial services, government, education, and more.