Accurics: 96 Percent of Reported Cloud Security Issues Aren’t Addressed

Accurics: 96 Percent of Reported Cloud Security Issues Aren't Addressed

According to a report recently released by cloud security vendor Accurics, 96 percent of cloud security issues reported during production are not being addressed. This information comes from the May 2020 edition of the State of DevSecOps report, which was conducted using a combination of proprietary data from Accurics as well as
publicly available sources.

Our MSP Buyer’s Guide contains profiles on the top cloud managed service providers for AWS, Azure, and Google Cloud, as well as questions you should ask vendors and yourself before buying. We also offer an MSP Vendor Map that outlines those vendors in a Venn diagram to make it easy for you to select potential providers.

The vendor’s research determined that only four percent of cloud security issues discovered during production are ever addressed. Accurics called these results “not surprising” considering that cloud configurations needs to be traced back to a developer in order to fix the configuration. This requires redeployment of the cloud, which is often an expensive proposition — and apparently, not worth it for many organizations.

Accurics also found that cloud developers were shifting towards provisioning cloud infrastructure through code. The researchers discovered that 24 percent of cloud configuration changes are made via code, which Accurics called “significant adoption” given how recent infrastructure as code technologies have been developed.

In the report, Accurics Chief Technology Officer Piyush Sharrma stated: “Cloud infrastructure is becoming increasingly “immutable”: it is never modified after it is deployed. If something needs to be changed, new infrastructure has to be provisioned through code. While this approach enables agility and reliability, current security practices are becoming untenable for protecting transient cloud infrastructure. […] Cloud service providers continue to bolster capabilities that enable organizations to implement tighter controls, and many organizations have invested in one or more cloud security tools. The crux of the issues lies in the fact that as the cloud native stacks become more complex, point cloud security solutions become inadequate and gaps in coverage start to emerge.”

Download your copy of the State of DevSecOps report here.

Daniel Hein