SANS Survey 2022: Securing Infrastructure Operations
For organizations that want to quickly scale to meet operational and/or customer needs, a cloud presence offers an abundance of opportunities. It seems almost unfair to compare and contrast cloud and on-premises infrastructure on the merits of flexibility and speed. Cloud is the clear winner for future-looking businesses that desire ease of deployment and rapid development cycles. However, embracing cloud infrastructure can pose a significant risk. Just as the cloud is an opportunity for administrators, it is also a playground for adversaries.
The inaugural SANS survey on the topic, Securing Infrastructure Operations, sponsored by Cadre, uncovers what today’s cloud presence looks like and how assets are secured. Amid a growing shift to cloud infrastructure, security teams and their organizations now have access to insights, never before gathered and analyzed, from 133 respondents globally across a range of industries and organizational sizes. With stats and data from the survey, readers will have a valuable barometer against which to compare their own environments and potentially identify areas of focus for future cloud infrastructure efforts.
Top Cloud Security Challenges
Even without the survey, it is safe to assume that enterprise cloud footprints and infrastructure are growing – and security teams are often having trouble keeping up with the change. The specifics around this, however, are an important starting point for the larger questions the survey aims to answer.
Eclipsing any findings on the percentage of cloud-based environments in use, the results signal room for potential growth in areas like containerization, developer tools, machine learning, and Functions as a Service. If organizations succeed at expanding their cloud usage beyond the top contenders such as web applications, office automation, file storage, and databases, security teams will need the tools to defend the newer assets and services.
The SANS report goes on to explore the use of third-party versus custom-developed applications in the cloud. According to the survey, a little over half (approximately 56%) of organizations have at least 40% of their cloud usage comprised of custom-developed applications. While it is encouraging to see that organizations can create, publish, maintain, and secure their own code, using custom applications creates a different risk profile compared to third-party applications. Unfortunately, there is still a disconnect when it comes to the ability to secure them. 74% of security teams are trained about the differences between cloud and non-cloud security response. That leaves 26% unarmed against the unique opportunities for adversaries that custom applications create.
Opportunities for Visibility and Cloud Incident Response
In the confluence of challenges of cloud usage, both current and expected, lie opportunities. For much too long, development and security teams have found flaws in each other – pointing fingers of blame when an incident occurs. Despite this, the survey showed encouraging progress, as a whopping 73% of respondents indicated that deployment of a new application or service requires notification of the security team of the new asset and potential risks. This newfound teamwork raises the question of whether there is an opportunity to condense or expand cloud asset monitoring capabilities. If security teams are already looking at logs daily, are development teams after the same data points to inform their work?
With this information, eyes turn back to the security team to determine how they will secure various cloud assets. As we mentioned earlier, more than a quarter of respondents are not trained in cloud security, which makes it difficult to secure asset classes, provides adversaries opportunities to exploit unmonitored, unpatched, and insecure assets, and provides a false sense of security.
Now more than ever, it is integral to an organization’s security posture to implement more visibility and tooling in order to successfully detect and respond to incidents within its cloud environments. The problem, or perhaps opportunity, is that respondents reported having no confidence in (22%), no insight into (9%), or simply not knowing (3%) their ability to detect and respond to an incident involving a cloud-native asset.
Whether security teams are confident in securing the cloud, not confident, or somewhere in the middle, the report from SANS is full of good insights on how to approach cloud security problems and on best-practice next steps.
For a deeper understanding of cloud footprints and how organizations are deploying and securing their cloud assets, watch the Securing Infrastructure Operations webcast and download the full report.