Cloud technology has revolutionized the way businesses operate in recent years, allowing for greater flexibility and scalability in operations. However, along with the benefits come significant challenges, particularly in regards to cloud security. As more organizations migrate their operations to the cloud, the need for robust security measures continues to grow.
SUSE, a global technology company specializing in open-source software, has conducted a comprehensive survey on cloud security, analyzing trends and concerns prevalent among businesses. The survey was presented at the annual SUSECON conference in Munich, and it provides insight into the experiences and expectations of IT professionals worldwide.
The prevalence of cloud security incidents
The survey reveals that cloud security incidents are widespread, with 88% of those surveyed experiencing at least one incident in the last 12 months. The types of cloud security incidents vary, with data breaches and account hijacking being the most common.
Cloud security concerns
Not surprisingly, data stores hosted by cloud vendors or third parties were the top cloud security concern, with nearly a third of respondents citing this as their primary concern. This is particularly relevant given that nearly all businesses store sensitive information such as intellectual property and client data in the cloud.
Budget allocation for cloud-native security
The individuals surveyed spent about 36% of their IT budget on cloud-native security, highlighting the growing awareness of the importance of adequate investments in cloud security infrastructure. Some popular security solutions include: anti-virus software, firewalls, intrusion detection and prevention systems, virtual private networks (VPN), security information and event management (SIEM) systems, and encryption technologies. Both security automation and container firewall were widely adopted, each accounting for 38% of the respondents. Antivirus solutions were also commonly used, being at 32%.
Future concerns regarding source code auditability
One third of the respondents said that increased re-evaluation and prioritization of goals related to source-code auditability would become a concern in the coming years. This trend is evidenced by the increase in high-profile supply chain attacks that have highlighted the risks inherent in poor software development practices.
SUSE’s Recognition of Digital Transformation and Open Source Solutions
SUSE’s chief technology and product officer, Dr. Thomas Di Giacomo, said, “At SUSE, we recognize that every business is on a journey of digital transformation. This transformation can be vastly accelerated by open-source solutions.” The survey results emphasize the importance of investing properly in security solutions for businesses as they continue to rely more on cloud technology.
Source code auditability and SBOM depth/quality/security are priorities
45% of US respondents placed a higher priority on source-code auditability, while 36% focused on SBOM depth/quality/security to ensure businesses meet supply chain security goals. In contrast, Germany and the UK were less concerned about source-code auditing (with just 23% and 26% of respondents prioritizing it, respectively), and they spent less on cloud-native security.
Comparison of spending priorities between cloud-native security and source code auditing
The survey indicates that there is a correlation between a business’s investment in cloud-native security and their prioritization of source code auditability. US businesses, which spend the most on cloud-native security, also prioritize source code auditability more highly than businesses in the UK and Germany. This highlights the need for proper investments in both cloud-native security solutions and software development practices to ensure comprehensive security in the cloud.
Conclusion and announcement of survey result
In conclusion, the SUSE survey provides valuable insight into the current state of cloud security, as well as the concerns and investment priorities of businesses worldwide. As organizations continue to migrate operations to the cloud, it is clear that proper investments in cloud-native security solutions and software development practices to ensure source-code auditability will be essential in maintaining robust cloud security.
The survey results highlight that SUSE is well-positioned to support businesses that choose secure open-source solutions for their most mission-critical and innovative workloads as they transform with the cloud. SUSE’s commitment to open-source solutions aligns with the growing trend of businesses seeking more secure and customizable cloud technology.