3 big takeaways from the Snyk State of Cloud Security 2022 Report


Cloud computing has created a bigger shift in the IT industry over the last 20 years than any other factor. With cloud technology, companies can build, deploy, and scale their applications faster than ever. However, cloud customers have suffered a range of security events within the past 12 months, with data breaches, data leaks, and intrusions into their environments among the most serious.

Snyk recently surveyed more than 400 cloud engineering and security professionals and leaders across various organisation types and industries. Created in partnership with Propeller Insights, the findings are summarised in the Snyk State of Cloud Security 2022 report. The report takes a deep dive into the risks and challenges they face, and where they are successfully addressing those risks.

According to the State of Cloud Security 2022 Report, 80% of organisations suffered a serious incident within the last 12 months, and 33% suffered a cloud data breach. The shift to developers building and running apps natively in the cloud is changing cloud security, according to the findings. In the resulting report, Snyk's cloud security researchers combined their analysis of the survey data with observations from their own experience. Here are the three big takeaways.

Cloud native applications bring new security challenges, and new opportunities

The predominant cloud use case has been as a platform for hosting third-party applications or applications migrated out of the organisation's own data centers. A quarter of Snyk's survey respondents indicated that their primary use for cloud environments is developing and running applications natively in the cloud.

Teams using the cloud as a platform have produced a number of innovations, including Infrastructure as Code (IaC), the coding process developers use to build and manage cloud infrastructure alongside their applications.

Furthermore, developers leveraging the cloud are making increasing use of cloud native approaches, such as containers and serverless "functions as a service" architectures.

These changes have implications for security. 41% of teams adopting cloud native approaches confirmed that doing so has increased their security complexity. Cloud native approaches also require teams to add further security expertise and introduce additional security training. Cloud native also necessitates the adoption of new security tooling and methodologies, such as a "Shift Left" approach.

But while building and running applications in the cloud brings new security challenges, teams using this approach are experiencing fewer serious security incidents. The next two big takeaways from the report help explain why.

Developers are taking ownership of cloud security

Who owns cloud security? Depending on who you ask, you are likely to get a different answer. While IT owns cloud security in roughly half of all organisations, 42% of cloud engineers say that their team is primarily responsible for cloud security. However, only 19% of security professionals agree that engineering teams are doing that work.

This may be explained by the fact that cloud engineers are investing significant time and effort into cloud security tasks, and they are often looking for ways to automate and streamline those processes. The adoption of infrastructure as code for deploying and managing cloud environments gives engineers the opportunity to find and fix issues in development rather than post-deployment, when remediations require more time and resources.

Developers control the cloud computing infrastructure itself because the cloud is fully software-defined. When they build applications in the cloud, they are also building the infrastructure for those applications instead of buying a pile of infrastructure and adding apps. That is a coding process using Infrastructure as Code (IaC), and developers own that process.

Infrastructure as code security delivers a big ROI

IaC security is a big win, not only for reducing the rate of misconfiguration, but for improving engineering team productivity and the speed of deployments. Inefficient cloud security processes often become the rate-limiting factor for how fast teams can go in the cloud, and IaC security delivers significant improvements in speed and productivity.

The median reduction in the rate of misconfiguration in running cloud environments resulting from IaC security pre-deployment is 70%. While IaC security cannot prevent all runtime misconfigurations, a 70% drop is significant, and can lower the risk for organisations considerably.

That decrease in the number of misconfigurations also has a direct impact on cloud engineering productivity. Because these teams can reduce the amount of time they need to invest in managing and remediating problems, they can spend more time building and adding value to the organisation.

What effective cloud security teams are doing

A clear majority of cloud security and engineering professionals believe that the risk of a cloud data breach at their organisation will increase over the next 12 months, with only 20% expecting risks to decrease.

Effective cloud security requires preventing the misconfigurations and architectural design vulnerabilities that make cloud attacks possible. Success requires focusing on these five fundamental areas:

  1. Know your environment. Maintain awareness of the configuration state of your cloud environment in full context with the applications it runs and the SDLC used to develop, deploy, and manage it.
  2. Focus on prevention and secure design. Prevent the conditions that make cloud breaches possible, including resource misconfigurations and architectural design flaws. You cannot rely on the ability to detect and stop attacks in progress.
  3. Empower cloud developers to build and operate securely. When engineers develop secure infrastructure as code, they can avoid time-consuming remediations and rework later, while delivering secure infrastructure faster.
  4. Align and automate with policy as code (PaC). If your security policies are expressed only in human language, they might as well not exist at all. With PaC, you can express policies in a language other programs can use to validate correctness, and you align all stakeholders to operate under a single source of truth on security policy.
  5. Measure what matters. Identify what matters the most, be it reducing the rate of misconfiguration, speeding up approval processes, or improving team productivity. Security teams should establish security baselines, set targets, measure progress, and be able to demonstrate the security of their cloud environment at any time.
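As an added illustration of points 3 and 4 (IaC security checked before deployment, with the policy expressed as code rather than prose), the following script evaluates two simple policies against a Terraform plan. This is example code written for this page, not Snyk's tooling or anything from the report; it assumes the `planned_values.root_module.resources` layout produced by `terraform show -json`, models only the root module, and uses a constructed sample plan embedded inline.

```python
import json

# Constructed sample in the shape of `terraform show -json` output (assumption:
# only the planned_values.root_module.resources subset is modelled here).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [
         {"from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_security_group.db", "type": "aws_security_group",
     "values": {"ingress": [
         {"from_port": 5432, "to_port": 5432, "cidr_blocks": ["10.0.0.0/8"]}]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"acl": "public-read"}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket",
     "values": {"acl": "private"}},
]}}})

ADMIN_PORTS = {22, 3389}  # SSH and RDP

def open_admin_port(values):
    """True if any ingress rule exposes an admin port to the whole internet."""
    for rule in values.get("ingress") or []:
        if "0.0.0.0/0" not in (rule.get("cidr_blocks") or []):
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
        # The AWS provider encodes "all ports" as from_port 0 / to_port 0 (protocol -1)
        if (lo, hi) == (0, 0) or any(lo <= p <= hi for p in ADMIN_PORTS):
            return True
    return False

def public_bucket_acl(values):
    """True if the bucket's inline acl attribute grants public access (simplified)."""
    return values.get("acl", "private").startswith("public-")

# Policy registry: (policy id, resource type, predicate that flags a violation)
POLICIES = [
    ("SG-001 admin port open to the internet", "aws_security_group", open_admin_port),
    ("S3-001 public bucket ACL", "aws_s3_bucket", public_bucket_acl),
]

def evaluate(plan_json):
    """Return (policy id, resource address) for every violation in the plan."""
    resources = json.loads(plan_json)["planned_values"]["root_module"].get("resources", [])
    return [(pid, res["address"])
            for res in resources
            for pid, rtype, check in POLICIES
            if res["type"] == rtype and check(res.get("values") or {})]
```

Wired into a CI step that fails the build when `evaluate` returns a non-empty list, the same policy text gates every plan the same way, which is the single source of truth the list above describes.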

Following these five steps allows security and engineering teams to work together to operationalise cloud security, which reduces risk, accelerates innovation, and improves team productivity.
