A recent report from the Cloud Security Alliance (CSA) highlights the ongoing challenges faced by organizations when it comes to security remediation and achieving visibility from code to cloud.
Collaborating with security firm Dazz, the report surveyed over 2,000 IT and security professionals to gain insights into current cloud environments and security tools. The findings were less than optimistic.
Only 23% of organizations reported having full visibility in their cloud environments. Additionally, 63% of those polled consider duplicate alerts a significant challenge, and 61% use between three and six different detection tools.
At the code level, nearly 38% of respondents revealed that between 21% and 40% of their code contains vulnerabilities. A small 4% reported that over 80% of their code is vulnerable, while just 27% expressed confidence in the security of at least 80% of their code.
The report also noted that over half of the vulnerabilities addressed by organizations tend to reoccur within a month of being remediated, citing limited resources, insufficient expertise, and the inherent complexity of vulnerabilities as potential causes.
Another issue highlighted in the report is manual overhead. It was reported that organizations spend a disproportionate amount of time on the initial phases of vulnerability management, with three-quarters of security teams spending at least 20% of their time performing manual tasks when addressing alerts.
Overall, over 70% of organizations indicated limited or moderate visibility from code to cloud.
The report concluded by emphasizing the need for organizations to seek better visibility into their code-to-cloud environment, accelerate remediation, strengthen collaboration, and streamline processes to effectively counter risks.
You can read the full report by visiting the CSA website (pdf).
Interested in learning more about cybersecurity and the cloud from industry leaders? Check out the Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.