A survey conducted by the company reveals that 100% of companies have experienced at least one security incident, but continue to expand their online presence: 64% implement new AWS services every week
Vectra AI, among the leaders in the field of threat detection and response, has published the results of the new PaaS & IaaS Security Survey Report. The report analyzes the responses of 317 IT managers who use the AWS platform, 70% of whom come from organizations with more than a thousand employees. The report's findings show a rapid diffusion of AWS services and growing trust in them, but at the same time reveal dangerous security risk profiles within many organizations.
As digital transformation efforts intensify, the survey reveals that AWS is becoming an increasingly critical component for organizations that regularly deploy new workloads, develop new deployments in multiple countries, and rely on more than one AWS service.
In fact, the report shows that:
- 64% of developers surveyed deploy new workload services weekly or more frequently
- 78% of organizations use AWS services in different regions of the world (40% in at least three)
- 71% of respondents are currently using more than four AWS services (such as S3, EC2, IAM, and others).
The expansion of AWS services has led to a natural increase in complexity and risk, with 100% of companies surveyed experiencing at least one security incident in their public cloud environment. According to Gartner, in the future more than 99% of violations of cloud environments will find its cause in a wrong configuration by the user. Here are some risk profiles included in the Vectra report:
- 30% of the organizations interviewed do not require any formal approval before moving to the production phase
- 40% of those interviewed admit that they do not have a workflow based on the DevSecOps approach
- 71% of organizations attribute to 10 or more people the power to modify the entire infrastructure starting from their AWS environment, creating a significant number of possible vectors for hacker attacks.
Despite all these risk profiles, the report shows that companies are taking security seriously. Over half of the companies surveyed have a Security Operation Center (SOC) staffed by double digits, demonstrating a willingness to invest significantly to keep their organization secure.
“Securely protecting the cloud is nearly impossible due to its ever-changing nature,” he points out Massimiliano Galvagna, Country Manager Italy of Vectra AI. "To get closer to this goal, companies need to limit the number of possible attack vectors that could be exploited by cybercriminals. This means creating formal approval processes, DevSecOps workflows and limiting as much as possible the number of people who have access to the entire infrastructure. Finally, companies need to offer global security, valid in all regions and automate the greatest number of activities to improve their effectiveness".
Vectra AI responds to these needs through the creation of Detect for AWS, which reduces the risk of exploitation of cloud services, identifies threats to AWS services and automatically responds to attacks against applications running on AWS.
To find out more about the threats organizations are exposed to, you can download the entire report Paas & IaaS Security Survey Report or consult the Vectra blog AI.
