Download PDF version Contact company

Vectra AI, a pioneer in threat detection and response released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from an organisation of 1,000+ employees.

The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organisations.

Findings of the survey

As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organisations who are regularly deploying new workloads, leveraging deployments in multiple regions, and are relying on more than one AWS service. The survey found:

  • 64% of DevOps respondents are deploying new workload services weekly or even more frequently
  • 78% of organisations are running AWS across multiple regions (40% in at least three)
  • 71% of respondents say that they are using more than four AWS services (such as S3, EC2, IAM, etc.)

Blind spots

Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration

The expansion of AWS services has naturally led to increased complexity and risk with 100% of companies surveyed having experienced at least one security incident in their public cloud environment.

Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration. Some blind spots the Vectra report uncovered include:

  • 30% of organisations surveyed have no formal sign-off before pushing to production
  • 40% of respondents say they do not have a DevSecOps workflow
  • 71% of organisations say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers

Despite these blind spots, the survey showed that companies are taking security seriously. Over half of the companies reported having double-digit security operations centre (SOC) headcounts, showing significant investment in keeping their organisations secure.  

Cloud security

Securing the cloud with confidence is nearly impossible due to its ever-changing nature,” said Matt Pieklik, Senior Consulting Analyst at Vectra. “To address this, companies need to limit the number of attack vectors malicious actors can take. This means creating formal sign-off processes, creating DevSecOps workflows, and limiting the number of people that have access to their entire infrastructure as much as possible.”

“Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.” Vectra has answered this industry need through the creation of Detect for AWS which reduces the risk of cloud services being exploited, detects threats against AWS services, and automatically responds to attacks against applications running in AWS.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?