The Security Costs of Cloud-Native Applications

More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?

Businesses are increasingly reliant on cloud-native applications despite the strong, broad perception that use of the cloud will drive security risks. So, where are the security gaps and which issues are top of mind?

The data comes from "The State of Cloud Native Security," a new study sponsored by Capsule8, Duo Security, and Signal Sciences. Researchers polled 486 senior-level decision makers and security pros from companies generating at least $250 million (50%) or at least $1 billion (50%) in revenue across eight industries, including financial services, tech, education, retail, government, nonprofits, manufacturing, and transportation.

They found 62% of companies rely on cloud-native applications (CNAs) for more than half of their apps, a figure predicted to hit 80% over the next three years. More than half of respondents believe CNAs increase their risk and view security as a barrier for adoption.

Visibility into cyberattacks is a top-of-mind security concern: 73% of respondents say they lack actionable insight into threats and ongoing attacks. At a network level, poor visibility leads to spurious alerts, explains Capsule8 CEO John Viega. And as cyberattacks increase, so does the volume of security notifications: Only about one-third of businesses surveyed could address more than 75% of the alerts their company receives.

False positives are another key issue plaguing IT and security environments: 46% of respondents say more than half of production environment alerts were false positives. Poor analytics is the top driver of false positives, according to nearly half of security and IT experts polled.

Employees in more traditional environments "throw algorithms at the problem" and try to gather and process more data as a means of improving threat detection, Viega explains.

However, in a cloud-native environment, "we're finding the biggest wins come from first improving the quality of the data before you improve the algorithms," he says. Instead of evaluating massive amounts of traffic at high speed, companies using CNAs have access to the cloud provider's API and can analyze data in a way that won't affect system performance.

As cloud infrastructure and applications take on a bigger role in production environments, security becomes a greater priority. The biggest concerns here are malware on servers (32%), targeted attacks from known threat actors (17%), and zero-day attacks (12%).

Nearly half (48%) of respondents say an attack has done damage to production environments, resulting in system damage (48%), loss of customer data (44%), and loss of financial data (31%).

Motivating the Move to Cloud

Researchers pointed to three primary drivers for the move to cloud-native apps: nearly 40% of respondents say they're "modernizing the most critical parts of the business." Thirty-one percent cite new software development, stating this is the way software is built now, and 29% report operational cost savings.

The larger the organization, the more likely it will rely on cloud-native apps for new deployments. For example, 55% of companies with $250 million to $499 million in revenue have most of their new apps running as cloud native. That number jumps to 60% for companies with $500 million to $999 million in revenue, 63% for those with $1 billion to $4.9 billion in revenue, and 71% for those with $5 billion to $9.9 billion in revenue.

However, that's where things take a turn. Businesses with more than $20 billion in annual revenue are "a bit more on the conservative side," experts report. Only 61% deploy more than half of their applications as cloud native; 23% deploy less than a quarter of their apps as cloud native.

CNA usage also varies by industry. Government institutions, for example, are least likely to use them extensively: only 46% report the majority of their new apps are native to the cloud. At the other end of the spectrum is education, which reports 70% reliance on CNAs, followed by financial services and technology (67% each) and retail (65%).

"The people who are leading are not regulated and build a lot of software," Viega points out, using media companies and tech companies that grew up in the cloud as examples. Businesses in regulated environments tend to move less mission-critical applications to the cloud first.

"For a large financial institution, the consumer-facing platform might be one of the last things to go because that will get a tremendous amount of oversight," he says as an example.

Rethinking Security

Companies polled experienced at least twice as many cyberattacks this year compared with last year, researchers found. Viega says the increase isn't necessarily due to cloud.

"In many respects, the bad guys are the same and using the same techniques," he explains. Fifteen years ago, applications were made up of 90% custom code and 10% open source — today, it's about 80% to 90% open source and a little bit of custom code. This "definitely changes the equation a bit," he adds, as it gives the attacker more visibility into what he might exploit, regardless of whether an application is running in the cloud or not.

He advises companies to rethink security as they adopt cloud and not to "lift and shift" the way they do security in their traditional environments. You'll find it doesn't give scalability and cost-effectiveness, he says. In fact, fitting "a square peg in a round hole" can worsen security.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...