Skip to main content

The rise of cloud is creating security blindspots

(Image credit: Shutterstock / vs148)

Businesses are growing increasingly reliant on Amazon Web Services (AWS), but with all the good, businesses must also face the bad. This is according to a new report from threat detection and response company Vectra AI, which says that the rise of cloud means greater complexity and more security blind spots.

Basing its conclusions on a poll of 317 IT executives using AWS, most of which came from organizations with at least 1,000 employees, Vectra AI says 64 percent of DevOps respondents are deploying new workload services weekly, if not faster. Almost four in five (78 percent) are running AWS across multiple regions, and 71 percent are using more than four AWS services. 

This increased expansion has led to new risks. All of the respondents suffered at least one incident in their public cloud environment in the last year, with 30 percent saying they had no formal sign-off before pushing to production. Another 40 percent said they don't have a DevSecOps workflow, and 71 percent said 10 or more people can modify the entire infrastructure in their AWS environment, opening it up for criminals in numerous ways.

The good news is that most companies aren’t oblivious to their security shortcomings. More than half have a double-digit security operations center (SOC) headcount, for example. 

“Securing the cloud with confidence is nearly impossible due to its ever-changing nature,” said Matt Pieklik, Senior Consulting Analyst at Vectra. 

“To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness,” he concluded. 

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.