The Maturation of Cloud-native Security: Securing Modern Apps and Infrastructure
April 8, 2021David Puzas Endpoint & Cloud Security
More than ever, organizations are grappling with how to secure cloud-native applications. Protecting these applications — a combination of containers, virtual machines, APIs and serverless functions — from development to runtime requires reworking the approach many organizations take toward security. A new study from CrowdStrike and Enterprise Strategy Group (ESG) surveyed 383 IT and information security professionals to shine a light on this need.
The Need to Evolve Cloud Security Programs Is Front and Center
In the survey, 88% of respondents said their cybersecurity program needs to evolve to secure their cloud-native applications and their use of public cloud infrastructure, with many citing challenges around maintaining visibility and consistency across disparate environments. For many organizations, these challenges remain unanswered — and the results are troubling. In fact, of the IT and cybersecurity professionals ESG surveyed, only 12% reported not experiencing any cyber incidents targeting their cloud-native apps or infrastructure over the past year.
The most commonly named challenge to cloud-native app security (47%) was maintaining security consistency between the data center and the public cloud environments where cloud-native applications are deployed. Relying on point solutions and creating security silos contribute to a lack of centralized controls and policies. This reality is exacerbated by a poor understanding of the threat model for cloud-native applications and infrastructure (noted by 31%) and a lack of visibility into the public cloud infrastructure hosting cloud-native applications (30%).
Lack of Visibility and a Diverse Threat Model Are Driving the Need for a Defense-in-depth Strategy
Awareness of the cloud security visibility gap has grown in light of an increase in privileged cloud credential compromises. Poor attention to identity and access management (IAM) often leads to attackers targeting accounts with excessive permissions and threat actors gaining access to services due to open ports. When asked what the most common cloud misconfigurations were in the last 12 months, the most common answer given was having a default or no password required for access to management consoles (30%). The next three most common answers were externally facing server workloads (27%), overly permissive service accounts (25%) and overly permissive user accounts (25%).
Organizations adopting cloud-native applications are facing an increasingly diverse threat landscape, which is sparking a push toward automation, deeper integration of point solutions, and the combining of IT operations and security functions. Here is where DevSecOps enters the discussion. With different types of cloud-native controls needed for different layers of the stack and the life cycle stage, the report observes that improving security will require marrying security functions and IT operations. Already, DevOps, IT Ops and security teams are heavily involved when it comes to the selection and procurement of cloud-native security controls, leading the way in terms of defining requirements and performing technical evaluations, according to the study.
A key focus for spending is automation. Forty-one percent said that automating the introduction of controls and processes via integration with the software development lifecycle and continuous integration and continuous delivery (CI/CD) tools as a top priority. Through automation, organizations can keep pace with the elastic, dynamic nature of cloud-native applications and infrastructure. This fact makes the ability to integrate cloud-native security controls with the tools that manage the software development lifecycle (SDLC) — including the CI/CD stages — a must-have.
Consolidation to Integrated Cloud-native Platforms Is Underway
In tandem with this “shift-left” approach, organizations are also looking to trade point tools for integrated platform modules. The endgame is to enable a centralized approach to securing heterogeneous cloud-native applications deployed across distributed clouds. More than half of the survey participants indicated they plan to move to an integrated platform in the next 12-24 months, and 39% say they have already migrated to an integrated platform.
According to the survey, another spending focus for organizations is on technologies that will aid in closing the visibility gap. Among the top spending priorities that could improve visibility are cloud security posture management solutions (38%) and endpoint detection and response (EDR) capabilities for cloud-resident workloads (36%). In addition, many respondents cite the need for technologies that provide an audit trail for privileged user and service account activity and the ability to identify workload configurations that are out of compliance with industry best practices and regulatory frameworks.
Much of this spending will be accelerated by the broader adoption of infrastructure-as-a-service and platform-as-a-service solutions, and the continued development of cloud-native applications. Done securely, embracing cloud-native applications and architecture enables businesses to combine the cloud’s inherent flexibility with cloud-based technologies to increase their speed-to-market and unlock efficiencies. To learn more about the challenges organizations are facing and how they are closing the security gaps in their cloud-native environment, download the study here.
Learn more about how an integrated defense-in-depth platform fills gaps in inconsistencies, misconfigurations and visibility — join our CrowdCast with ESG on Apr. 8, or watch it on demand.
- Find out about the comprehensive breach defense and container security offered by Falcon Cloud Security.
- See how CrowdStrike makes cloud security posture management simple — visit the Falcon Cloud Security page dedicated to CSPM benefits .
- Test CrowdStrike next-gen AV for yourself. Start your free trial of Falcon Prevent™ today.