UK organisations have limited awareness of cloud-native security despite considering cloud-native application security a critical priority, a new survey by cloud-native security firm Aqua Security reveals.
The survey, conducted at Cloud Expo Europe in March 2022, found that 49% of the over 100 cloud professionals polled said their limited understanding of the risks and lack of know-how was among the highest concerns relating to cloud-native security.
In the survey, less than a third of respondents (32.7%) consider cloud misconfigurations to be their biggest security concern. Among others considered riskier were malware attacks (54%), social engineering and phishing attacks (56.7%) and insider threats (32.9%).
Around a third of respondents said between half and three-quarters of their apps are cloud-native, yet 20% are operating without a cloud-native security strategy in place.
“As more applications are built and run in the cloud, it’s no surprise we’re seeing threat actors shift their focus to target cloud-native environments,” said Paul Calatayud, CISO at Aqua Security. “This demands a new approach to security. Many organisations in the UK are beginning to understand that cloud-native security is not just a ‘nice to have’, but there is a clear need for more education in the UK and beyond.”
The survey found that nearly a third (29.8%) of UK firms believe cloud-native application security is a critical cloud security priority, ranking it more essential than SaaS apps (20.2%) and identity and access management (28.8%). Despite this, nearly half (44%) rely on ‘free’ offerings from their cloud providers, the survey revealed.
When questioned about who is responsible for cloud native security within an organisation, most respondents (55.8%) cited their IT security team. Only around a fifth of respondents (20.5%) attributed cloud-native responsibility to DevOps and Security combined teams.
“Questions around risks and responsibility illustrate the confusion around cloud-native,” added Calatayud. “It is projected that cloud-native will support more than 90% of new digital initiatives by 2025, so we’re at a critical point where cloud-native security must be prioritised by both the security and DevOps teams.”
He advised organisations to seek out solutions that will help stop cloud-native attacks at every level, as traditional tools are no longer efficient.
