DivvyCloud: Cloud and Container Security Lacking

Zoom faces harsh criticism, investigations and litigation as new questions about lax security practices surface. But a new study shows many enterprises are lacking when it comes to cloud and container security.

The new DivvyCloud report shows nearly one half of developers ignore cloud and container security policies. DivvyCloud surveyed nearly 2,000 IT professionals and compared data to its 2019 report.

Eighty-five percent of enterprises believe public cloud fuels innovation. However, the majority are not equipped to operate in the cloud securely.

Only 40% of organizations using public cloud have an approach to managing cloud and container security.

Only 58% said their organization has clear guidelines and policies for developers building applications and operating in the public cloud. And of those, one in four (25%) said these cloud and container security policies are not enforced. Another 17% confirmed their organization lacks clear guidelines entirely.

Other findings include:

• Developers and engineers sometimes ignore or circumvent cloud and container security and compliance policies. That’s according to almost half of all respondents whose organizations use public cloud.
• Forty-two percent do not know which frameworks their company uses to maintain compliance with relevant standards and regulations.

DivvyCloud’s Chris DeRamus

We spoke with Chris DeRamus, DivvyCloud‘s CTO and co-founder, to learn more about this lack of cloud and container security.

Channel Futures: If it weren’t for the COVID-19 pandemic, would a lot of these security and privacy issues gone unnoticed?

Chris DeRamus: The security issues that many companies are experiencing now would have come to light eventually. These vulnerabilities may have been revealed during the crisis, but the underlying problems were there long before they were detected.

CF: So how are organizations being impacted by adopting public cloud without proper security?

CD: As organizations adopt public cloud, they are shifting to a reliance on software-defined infrastructure and also to self-service access. So for the first time, developers now have unfettered access to create and configure their own infrastructure. Due to this transition, the hardened perimeter (firewalls) has disappeared. And now, identity and access management (IAM) has become the new security perimeter. Security is no longer a command and control approach, but a democratized function, involving everyone who interacts with cloud services.

Companies adopt public cloud quickly for its speed and agility, and to remain competitive and innovative in today’s fast-paced business landscape. The problem is, so many are failing to adopt a holistic approach to security. The asynchronous approach by organizations to not implement cloud security strategies at the time of cloud adoption is the reason data breaches caused by cloud misconfigurations continue to dominate headlines, exposing nearly 33.5 billion records.

CF: Who’s paying a price for developers ignoring security policies?

CD: Data breaches caused by cloud misconfigurations are rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. The enterprise is paying a hefty price for …