Why companies continue to struggle with cloud visibility – and code vulnerabilities

James has more than a decade of experience as a tech journalist, writer and editor, and served as Editor in Chief of TechForge Media between 2017 and 2021. James was named as one of the top 20 UK technology influencers by Tyto, and has also been cited by Onalytica, Feedspot and Zsah as an influential cloud computing writer.

A new report from the Cloud Security Alliance (CSA) has highlighted further difficulties organisations face in security remediation, and in achieving visibility from code to cloud.

The report, produced in collaboration with security firm Dazz, polled just over 2,000 IT and security professionals to better understand current cloud environments and security tools. The results did not suggest much confidence.

Fewer than a quarter (23%) of organisations polled reported full visibility in their cloud environments. Around two thirds (63%) of those polled consider duplicate alerts either a moderate or significant challenge, while a similar number (61%) use anywhere between three and six different detection tools.

At code level, just under two in five (38%) of those polled said that between 21% and 40% of their code contains vulnerabilities. 4% said more than 80% of their code was vulnerable, while only just over a quarter (27%) of respondents were confident in the security of at least 80% of their code.

The report also found that more than half of the vulnerabilities addressed by organisations tended to recur within a month of being remediated. The causes of such recurrences are myriad; the report noted limited resources, insufficient expertise, and the ‘inherent complexity’ of vulnerabilities as possible factors.

Manual overhead is considered another issue. The report noted general inefficiencies with organisational practices, with initial phases of vulnerability management ‘appear[ing] to consume a disproportionate amount of time.’ Three quarters of organisations analysed said they had security teams spending at least 20% of their time performing manual tasks when addressing alerts. The report added that lack of definition in roles could be a symptom, while automation in remediation processes was currently underutilised.

In total, more than 70% of organisations polled said they had either limited or moderate visibility from code to cloud.

“As cybersecurity threats evolve, organisations must adapt by seeking better visibility into their code to cloud environment, identifying ways to accelerate remediation, strengthening organisational collaboration, and streamlining processes to counter risks effectively,” the report concluded.

You can read the full report by visiting the CSA website.


Editor’s note: A previous version of this story provided a broken link to the report. This has since been fixed.
