CSA Official Press Release
New Study Examines Application Connectivity Security in the Cloud
Companies encountering numerous pain points as they seek to manage application connectivity security and risk
SEATTLE – Jan. 18, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Deconstructing Application Connectivity Challenges in a Complex Cloud Environment. The survey, conducted in partnership with AlgoSec, a global cybersecurity leader in securing application connectivity, sought to better understand the industry’s knowledge, attitudes, and opinions regarding application connectivity security in the cloud.
“Increasingly, organizations are taking advantage of SaaS applications to the point where application security has become an integral part of many organizations' security strategies. Despite their growing prevalence, organizations are still faced with a host of pain points when it comes to application connectivity security and risk management,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.
Among the key findings:
- Managing risk for application connectivity is a complicated task. Lacking a single source of truth, organizations are trying to use multiple methods to get similar information: 53 percent of respondents reported using a cloud provider’s assessment service; 50 percent use a third-party cloud-only tool, another 45 percent use a generic risk or vulnerability assessment tool, and 32 percent use a third-party hybrid network security tool.
- Managing application connectivity risks in the deployment process is changing. Traditional security teams are responsible for identifying and mitigating risk and this still holds true for 42 percent of organizations. However, there is a shift happening: Thirty-two percent of organizations utilize infrastructure as code with embedded security checks, suggesting organizations are beginning to use more automation, leaving less room for human error.
- Human error is leading to significant application downtime. Nearly 75 percent of organizations have experienced an application outage in the past 12 months, and for over half (52%) of the outages, operational human error and mismanagement was the cause—unsurprising, given the skills gap that has plagued the information security industry.
“As cloud-native business applications become the standard for business transformation and innovation, the need to incorporate security into the DevOps process is paramount,” said Jade Kahn, Chief Marketing Officer, AlgoSec. “However, cumbersome security processes and lack of visibility are slowing applications’ time-to-market and compromising security in this new paradigm. This research underscores the importance of identifying risk early in the DevOps process and aligning all stakeholders around risk and compliance gaps from the start.”
The survey, which was sponsored by AlgoSec, was conducted online by CSA in August 2022 and received 1,551 responses from IT and security professionals from organizations of various sizes and locations. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.
AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity by automating connectivity flows and security policy, anywhere. The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk, achieve compliance at the application-level and process changes at zero-touch across the hybrid network. AlgoSec’s patented application-centric view of the hybrid network enables business owners, application owners, and information security professionals to talk the same language, so organizations can deliver business applications faster while achieving a heightened security posture. Over 1,800 of the world’s leading organizations trust AlgoSec to help secure their most critical workloads across public cloud, private cloud, containers, and on-premises networks. See what securely accelerating your digital transformation, move-to-cloud, infrastructure modernization, or micro-segmentation initiatives looks like at www.algosec.com.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
ZAG Communications for CSA
Director of Brand and Marketing Communications, AlgoSec
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.