Sysdig Reveals Cloud Security Crossroads Where Companies Prioritize Speed Over Best Practices

By Greg Tavarez, TMCnet Editor  |  February 22, 2024

The race for faster application development is on, but a dangerous shortcut is emerging: prioritizing convenience over security. This risky practice might save time, but the potential consequences are explosive.

Companies overlook critical security measures and leave their applications and user data vulnerable to cyberattacks. This trend raises major concerns, not just for individual privacy, but for the financial and reputational damage breaches can inflict.

The "2024 Cloud-Native Security and Usage Report," compiled by Sysdig through analysis of millions of containers and thousands of cloud accounts, creates a better image of widespread convenience-driven shortcuts that leave organizations vulnerable.

One of the most concerning trends is the slow adoption of "shift-left" security practices. This approach emphasizes integrating security measures earlier in the development lifecycle, ideally before code is deployed to production. However, the report found a higher rate of policy failures in runtime scans (91%) compared to continuous integration and continuous delivery pipeline scans. This suggests that security vulnerabilities slip through the cracks and reach production environments, where they can be exploited by attackers.

Another major concern highlighted in the report is the rampant risk associated with poor identity management practices. Misconfigured permissions and excessive privileges create openings for attackers to move laterally within systems and escalate their access. The report found that organizations lack granular control over user and role permissions, leaving them exposed to privilege escalation attacks.

“I am disheartened by the massive number of excessive permissions being administered, especially for machine identities,” said Anna Belak, Director, Officer of Cybersecurity Strategy, Sysdig. “It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on."

The growing prevalence of short-lived containers, a cornerstone of modern cloud-native deployments, also presents unique security challenges. These containers are often difficult to track and monitor, creating blind spots for security teams. The report found that a significant number of organizations lack effective solutions for securing short-lived containers, leaving them vulnerable to potential attacks.

While AI is touted as a game-changer in cybersecurity, the report reveals a slower-than-expected adoption rate within enterprises. According to the report, 69% of enterprises have yet to embed AI into their cloud environments. Sure, companies are exploring AI-powered security tools, but many remain cautious about their effectiveness and integration into existing workflows.

“Attackers are leveraging automation to exploit every point of weakness they can uncover,” said Crystal Morin, Cybersecurity Strategist at Sysdig. “This year’s report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks.”

If anything should be taken from this report, it's to adopt a security-first approach, implement shift-left practices, address identity management vulnerabilities and embrace appropriate AI solutions. Only then are organizations better suited to navigate cloud security and mitigate the risk of cyberattacks.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]