SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Despite 100% of companies experiencing security incidents, 64% still deploy AWS services weekly
Thu, 5th Aug 2021
FYI, this story is more than a year old

Vectra AI finds that even though 100% of companies have experienced a security incident, they continue to expand, with 64% deploying new AWS services weekly.

Vectra AI has released the findings of the PaaS and IaaS Security Survey Report. The report compiled answers of 317 IT executives, all using Amazon Web Services (AWS), with 70% coming from organisations of 1,000+ employees. The findings simultaneously show a rapid expansion and reliance on AWS services, while also showcasing security blind spots within many organisations.

AWS is becoming an ever-increasingly critical component as digital transformation continues. Organisations regularly deploy new workloads, leverage deployments in multiple regions, and rely on more than one AWS service.

The survey found:

  • 64% of DevOps respondents are deploying new workload services weekly or more frequently.
  • 78% of organisations are running AWS across multiple regions (40% in at least three).
  • 71% of respondents say they are using more than four AWS services (S3, EC2, IAM, and others).

According to the report, the expansion of AWS services has led to increased complexity and risk. All the companies surveyed have experienced at least one security incident in their public cloud environment in the last 12 months. Gartner anticipated over 99% of cloud breaches would have a root cause of customer misconfiguration.

The Vectra report uncovered several blind spots, including 30% of organisations surveyed having no formal sign-off before pushing to production and 40% of respondents saying they don't have a DevSecOps work flow. While 71% of organisations say that ten or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers
 
Despite these blind spots, the survey found companies are taking security seriously. Over half the companies surveyed reported double-digit security operations centre head counts, showing significant investment in keeping their organisations secure.

“Securing the cloud with confidence is nearly impossible due to its ever-changing nature,” says Vectra senior consulting analyst, Matt Pieklik.

“To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps work flows and limiting the number of people that can access their entire infrastructure as much as possible.”

He says that ultimately, companies need to provide security holistically across regions and automate as many activities as possible to enhance their effectiveness.