IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Most CISOs worry cloud software flaws aren’t being caught

Traditional application security measures are broken

Around three-quarters (71%) of CISOs doubt that their code in the cloud is free from flaws before going into production, new research has found.

According to a worldwide survey of CISOs in large enterprises with over 1,000 employees, 89% of CISOs said microservices, containers, and Kubernetes have caused application security blind spots. The survey also found 97% of organizations don't have real-time visibility into runtime vulnerabilities in containerized production environments.

Pressures to make code live and not having the right tools and processes to ensure code is vulnerability-free for cloud-native apps have worsened these issues.

Over two-thirds of CISOs (68%) said the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact. On average, security teams need to react to 2,169 new alerts, but only 42% of potential application security vulnerabilities each month need action, as the rest are false positives.

Over one-in-four CISOs (28%) said application development teams sometimes bypass vulnerability scans to speed up delivery. Another three-quarters (74%) said traditional security controls, such as vulnerability scanners, are no longer fit for purpose in today's cloud-native world.

Bernd Greifeneder, founder and chief technology officer at Dynatrace, said the increased use of cloud-native architectures has "fundamentally broken traditional approaches to application security."

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

"This research confirms what we've long anticipated: manual vulnerability scans and impact assessments are no longer able to keep up with the pace of change in today's dynamic cloud environments and rapid innovation cycles," Greifeneder said.

"Risk assessment has become nearly impossible due to the growing number of internal and external service dependencies, runtime dynamics, continuous delivery, and polyglot software development, which uses an ever-growing number of third-party technologies. Already stretched teams are forced to choose between speed and security, exposing their organizations to unnecessary risk."

Over three-quarters of CISOs (77%) said the only way for security to keep up with modern cloud-native application environments is to replace manual deployment, configuration, and management with automated approaches.

"As organizations embrace DevSecOps, they also need to give their teams solutions that offer automatic, continuous, and real-time risk and impact analysis for every vulnerability, across both pre-production and production environments, and not based on point-in-time 'snapshots'," said Greifeneder. 

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download

Recommended

Open the doors to the hybrid workplace with Microsoft secure remote desktops
Whitepaper

Open the doors to the hybrid workplace with Microsoft secure remote desktops

7 Dec 2022
How to build a multi-cloud strategy to meet your business goals
Whitepaper

How to build a multi-cloud strategy to meet your business goals

5 Dec 2022
Getting board-level buy-in for security strategy
Whitepaper

Getting board-level buy-in for security strategy

30 Nov 2022
Best free malware removal tools 2022
Security

Best free malware removal tools 2022

28 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Larger monitors aren't all they're cracked up to be
monitors

Larger monitors aren't all they're cracked up to be

3 Dec 2022
Defra's legacy software problem 'threatens' UK gov cyber security until 2030
Business strategy

Defra's legacy software problem 'threatens' UK gov cyber security until 2030

6 Dec 2022