Almost all cloud security issues reported during the production stage are never addressed, according to the newly released State of DevSecOps report from Accurics.
The report states that 96 percent of issues reported in production go unresolved, due to costs and challenges associated with investigating issues at this late stage of the development cycle.
Misconfiguration of cloud-native technologies across the full cloud-native stack is also a growing problem, with cybercriminals constantly scanning for areas of weakness.
Accurics claims organisations are shifting towards managing cloud infrastructure through code in order to solve the problem. While this does allow businesses to embed security earlier in the DevOps lifecycle, the "lack of holistic protection" means they remain vulnerable, according to the report.
Even businesses that govern infrastructure code properly still suffer issues with privileged users, who often make changes to cloud infrastructure after it is provisioned, causing drift from the secure baseline that was previously established.
For Sachin Aggarwal, Accurics Co-founder & CEO, current security practices are “grossly inadequate”.
“As cloud stacks become increasingly complex, with new technologies regularly added to the mix, what’s needed is a holistic approach with consistent protection across the full cloud stack, as well as the ability to identify risks from configuration changes to deployed cloud infrastructure from a baseline established during development,” he said.
“The shift to infrastructure as code enables this; organizations now have an opportunity to redesign their cloud security strategy and move away from a point solution approach.”