According to a survey, 88% of surveyed teams have been affected by a cloud security incident at least once in the last 12 months. Of these teams, 76% experienced multiple incidents, while 11% experienced more than 10 incidents during this period.
In its latest industry trend report, Securing the Cloud, SUSE presents the results of an in-depth survey of 501 executives and IT professionals from the US, Germany and the UK. The report analyzes the most pressing challenges IT teams face in securing cloud environments and provides valuable insights into proven solutions.
Dr. Thomas Di Giacomo, Chief Technology and Product Officer at SUSE, emphasizes that enterprises are on the path to digital transformation. SUSE recognizes the great importance of open source solutions to effectively accelerate this process. The ‘Securing the Cloud’ trend report analyzes the perspectives of IT teams as they grapple with the increasing adoption of complex cloud native technologies. The global threat landscape is constantly changing, bringing with it new security risks. SUSE is ideally positioned to help enterprises select secure open source solutions for their most mission-critical and innovative workloads, while driving their migration to the cloud.
Cloud security has top priority due to increasing fears
Based on the survey results, IT decision makers experienced an average of four security incidents related to the use of cloud services last year. It is interesting to note that the number of incidents in the U.S. has increased to five, while in Europe it has decreased to three. This could be due to different security measures and practices in the two regions. The increase in security incidents has led to security concerns affecting the widespread adoption of cloud technologies. Nevertheless, 88% of professionals are willing to move more workloads to the cloud and edge, provided the integrity of their data is reliably guaranteed.
When considering cloud security, data storage security is seen as the most pressing issue. According to the survey, 31% of respondents cited storing data in the cloud or with third parties as their primary security concern. This highlights the concern about protecting sensitive information when it is stored offsite. In addition, runtime attacks from malicious actors, security policy management, and federation and automation are cited as strong secondary concerns, with priorities varying slightly between the U.S. and Europe.
Cloud native security spending accounts for more than one-third of IT budget
Based on the survey results, the average percentage of the IT budget that companies spend on cloud-native security is 36%. Interestingly, the data shows that respondents in the U.S. reserve a higher percentage for this area, at 42%, than their European counterparts, at 33%. This discrepancy could be due to differences in cloud market maturity, regulation or security risk perceptions between the two regions.
Current usage of cloud security practices reflects a variety of approaches. Security automation and container firewalls are both strongly represented, each at 38% of total usage. Next come cloud vendor-provided security policies and management tools at 36%, then security policy automation at 34%. Certain cloud security practices are much more popular among IT decision makers in the U.S. than among their European counterparts. CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform) and CNAPP (Cloud Native Application Protection Platform) are favored by 42% of U.S. decision makers, compared to only 26% in Europe.
The use of free or paid monitoring or security tools is higher among decision makers in the U.S., at 33%, than in Europe, where only 24% use such tools. The same trend is evident in the use of PSP (Pod Security Policy) or PSA (Pod Security Admission) policies, with 31% of U.S. decision makers relying on such policies compared to 22% in Europe. In addition, 32% of U.S. decision makers use Kubernetes network policies, compared to only 15% of European decision makers. For free and paid CVE (Common Vulnerabilities and Exposures) scanners, the difference is 8 percentage points, with 26% of U.S. decision makers using such tools compared to 18% in Europe.
Based on the qualitative feedback, the respondents emphasize the significant advantages of open source software. The pooling of developers’ attention enables concentrated and efficient further development of the software. The openness of the code promotes transparency and enables the community to quickly identify and fix potential vulnerabilities through shared knowledge.
Looking to the future: source code review becomes standard practice
A large proportion of IT decision makers (33%) expect to see an increased re-evaluation and prioritization of source code review in the coming years. This includes testing as well as manual review of the code base to detect errors. In terms of priorities, 30% of respondents will emphasize build quality, while 28% will place particular focus on SBOM depth, quality and security.
A comparison of the survey results from the U.S. and Europe highlights striking differences in participants’ priorities regarding security objectives in supply chains. Participants from the U.S. consider source code auditability to be significant in achieving security objectives, with an agreement rate of 45%, and SBOM depth, quality, and security, with an agreement rate of 36%. In contrast, Germany and the UK show less interest in source code auditing, with only 23% and 26% of participants, respectively, seeing this as a priority. Additionally, spending on cloud security is lower in these countries than in the U.S. However, European participants (40%) are significantly more likely to expect a reassessment of build quality objectives than their American counterparts (15%).