Palo Alto Networks has found that 90% of organizations said they can’t detect, contain and resolve cyber threats within an hour. This is one of many findings from the firm’s 2023 State of Cloud-Native Security Report. The report surveyed more than 2,500 C-level executives around the world. It also gauged their cloud adoption strategies, and how those strategies are working.

Bad actors are working just as fast as developers to take advantage of organizations’ vulnerabilities. What could go wrong often does go wrong, the company said. Any cloud asset that is inadvertently exposed to the internet can be compromised within minutes. Detecting threats in real time represents the new frontier of cloud security, the report said.

More Operations in the Cloud

The expansion of hybrid work during the pandemic drove organizations to expand their use of clouds by more than 25%. As a result, DevOps teams are being pressed to deliver production code at warp speed — making application security more complex and putting pressure on security organizations to keep pace.

With organizations of all sizes moving more of their operations to the cloud, a majority are struggling to automate cloud security and mitigate risks. It’s one reason why many companies are trying to improve security earlier in the development process. They are looking for fewer vendors that can offer more security capabilities.

However, as more applications are being built in the cloud using off-the-shelf software, there’s a risk that any vulnerability in the development process could compromise an entire application later. That’s why more companies are encouraging a deeper level of engagement between application developers and security tools and teams. Eighty-one percent of respondents said they have embedded security professionals inside their DevOps teams.

Palo Alto Networks’ Ankur Shah

Ankur Shah is senior vice president, Prisma Cloud, Palo Alto Networks.

“With three out of four organizations deploying new or updated code to production weekly, and almost 40% committing new code daily, no one can afford to overlook the security of cloud workloads,” Shah said. “As cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments.

Teams Don’t Comprehend Security Responsibilities

When asked about the challenges of moving to the cloud, respondents’ top concerns remained unchanged from Palo Alto’s 2020 report. There are still struggles with comprehensive security, compliance and technical complexity. A large majority (78%) of organizations said they have distributed responsibility for cloud security to individual teams. Almost half (47%) said a majority of their workforce does not understand their security responsibilities.

Three quarters of the leaders surveyed said they struggle to identify which security tools are necessary to achieve their objectives. This has led many of them to implement numerous single point solutions. The average organization uses more than 30 security tools, including six to 10 dedicated to cloud security.

The sheer number of security tools makes it difficult for leaders to have in-depth visibility into their entire cloud portfolio. Seventy-six percent of survey respondents reported that using multiple security tools creates blind spots. This affects their ability to prioritize risk and prevent threats. And 80% said they would benefit from a centralized security solution that sits across all their cloud accounts and services.