Some 80% of organizations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk.
The developer security specialist polled 400 cloud engineering and security practitioners from organizations of various sizes and sectors to compile its State of Cloud Security Report.
Among the incidents flagged by respondents over the past 12 months were breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits and system downtime in the cloud.
Startups (89%) and public sector organizations (88%) were the most likely to have suffered such an incident over the period.
The bad news is that 58% of respondents predict they will suffer another severe incident in the cloud over the coming year.
Over three-quarters (77%) of those questioned cited poor training and collaboration as a major challenge in this regard.
“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.
“Insufficient tooling that produces false positives leads to alert fatigue within security teams, which itself contributes to human error when identifying critical issues that need to be addressed quickly. Issues with inconsistent policy interpretations and a lack of education may indicate the need for policy-as-code based tooling.”
Respondents also pointed to challenges around cloud-native development. Although it can improve developer speed and agility, over two-fifths (41%) claimed that the extra complexity it creates can have a negative impact on security.
“To eliminate security issues pre-deployment, teams have to add specific expertise related to cloud-native security, set up additional training and education, and shift left on cloud security,” the report noted. “Only one fifth of respondents has managed to avoid a significant security impact due to cloud-native adoption.”