A new report from the Cloud Security Alliance (CSA) has thrown up more difficulties organisations are facing in security remediation – and achieving visibility from code to cloud.
The report, produced in collaboration with security firm Dazz, polled just over 2,000 IT and security professionals to better understand current cloud environments and security tools. The results were less than confident.
Less than a quarter (23%) of organisations polled reported full visibility in their cloud environments. Around two thirds (63%) of those polled consider duplicate alerts either a moderate or significant challenge, while a similar number (61%) use anywhere between three and six different detection tools.
At code level, just under two in five (38%) of those polled said that between 21% and 40% of their code contains vulnerabilities. 4% said more than 80% of their code was vulnerable, while only just over a quarter (27%) of respondents were confident in the security of at least 80% of their code.
The report also found that more than half of the vulnerabilities addressed by organisations tended to recur within a month of being remediated. The causes for such reoccurrences are myriad; the report noted limited resources, insufficient expertise, as well as the ‘inherent complexity’ of vulnerabilities as possible factors.
Manual overhead is considered another issue. The report noted general inefficiencies with organisational practices, with initial phases of vulnerability management ‘appear[ing] to consume a disproportionate amount of time.’ Three quarters of organisations analysed said they had security teams spending at least 20% of their time performing manual tasks when addressing alerts. The report added that lack of definition in roles could be a symptom, while automation in remediation processes was currently underutilised.
In total, more than 70% of organisations polled said they had either limited or moderate visibility from code to cloud.
“As cybersecurity threats evolve, organisations must adapt by seeking better visibility into their code to cloud environment, identifying ways to accelerate remediation, strengthening organisational collaboration, and streamlining processes to counter risks effectively,” the report concluded.
You can read the full report by visiting the CSA website.
Editor’s note: A previous version of this story provided a broken link to the report. This has since been fixed.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.
