Cloud security vendor Sysdig's 2024 Cloud-Native Security and Usage Report outlines a concerning trend of businesses prioritising speed and convenience over robust cloud security practices. Findings highlight the slow adoption of 'shift-left' principles, widespread identity management risk, and the cautious integration of Artificial Intelligence (AI) across enterprises.
The seventh annual report leverages real-world data derived from millions of containers and thousands of cloud accounts, users, and roles, exposing the practice of prioritising swift application development over preventative security. This comes amid substantial infrastructure breaches in renowned organisations and newly updated cybersecurity and disclosure regulations from the Securities and Exchange Commission (SEC).
The report details that a staggering 69% of enterprises have yet to incorporate AI into their cloud environments. Although 31% of companies have incorporated AI frameworks and packages, just 15% of these integrations utilise generative AI tools such as large language models (LLMs). It reveals a paradoxical behaviour whereby organisations ignore security best practices but exercise caution when adopting AI within their enterprise environments.
A concerning 91% of runtime scans fail, indicating a reliance on threat detection over proactive prevention. In 'shift-left' security, organisations scan frequently during the development phase to identify failed builds, rectify the code, and then redeploy, aiming to intercept issues before delivery and before they become exploitable conditions for attackers.
The report also highlights a significant oversight in identity management: only 2% of granted permissions are actively utilised. This facet of security, which applies to both human and machine identities, is not only a neglected risk but also an opportunity for companies to improve their security posture. Last year's Sysdig report indicated that 90% of permissions went unused, so the unused share has increased year-over-year.
Sysdig's report also draws attention to the fact that shorter container lifespans do not deter attackers. Attackers' use of automation for discovery and reconnaissance gives them an immediate understanding of cloud environments, enabling lateral movement. As such, vulnerable workloads, however short-lived, can still expose organisations to attacks.
"Attackers are leveraging automation to exploit every point of weakness they can uncover," stated Crystal Morin, Cybersecurity Strategist at Sysdig. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks."
"Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities," Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig, commented. It is evidently akin to "obsessing over a plane crash while regularly running stop signs with no seatbelt on."