Report highlights key trends in cloud workload security following Log4Shell
Valtix, the industry’s first multi-cloud network security platform as a service, released new research that highlights how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. The research found that 95% of IT leaders say Log4Shell was a wake up call for cloud security, changing it permanently, and that 87% feel less confident about their cloud security now than they did prior to the incident. The research also found that even 3 months after the incident, 77% of IT leaders are still dealing with Log4J patching with 83% stating that Log4Shell has impacted their ability to address business needs.
Latest ITechnology News:Â Accenture Research Finds Four in Five Banks Planning to or Already Migrating Mainframes to the Cloud Are Doing So Quickly
Log4Shell was a significant zero-day vulnerability in the Log4J developer library that posed a critical risk to much of the Internet. The humble piece of open source software – ubiquitous with enterprise apps and cloud services – quickly became the worry of IT teams, executives and boards, as they scrambled to protect their most valuable data, systems, and platforms. In March 2022, Valtix worked with an independent research firm to survey 200 cloud security leaders across the U.S. to better understand how the incident changed how IT teams look at and secure their cloud workloads.
The research found that despite better tools and knowledge, 78% of IT leaders still lack clear visibility into what’s currently happening in their cloud environment:
- 82% say visibility into active security threats in the cloud is usually obscured
- 86% agree it’s more challenging to secure workloads in a public cloud than in an on-prem data center
- Only 53% feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet
“This research echoes what we are hearing from organizations daily: Log4Shell was a catalyst for many who realized that – even in the cloud – defense in depth is essential because there is no such thing as an invulnerable app,” said Vishal Jain, co-founder and CTO at Valtix. “Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and virtual patch while they could test updated software. They needed more advanced security for remote exploit prevention, visibility into active threats, or ability to prevent data exfiltration.”
Latest ITechnology News:Â NICE Actimize Positioned as Intelligent Fraud Detection Leader by GigaOm, Achieving Highest Possible Scores in Ten Categories
Additionally, respondents were near universal in confirming challenges associated with bringing endpoint security agents and firewall appliances to the cloud from their datacenters with:
- 79% agreeing that agent-based security solutions are difficult to operationalize in the cloud
- 88% stated that bringing network security appliances to the cloud is challenging to the cloud computing operating model
“Security leaders are still dealing with the impacts of Log4Shell,” said Davis McCarthy, principal security researcher at Valtix. “Although many have lost confidence in their existing approach to cloud workload protection, the research shows they are taking action in 2022 by prioritizing new tools, process changes, and budget as it relates to cloud security.”
Latest ITechnology News:Â LogicMonitor Extends Executive Leadership Bench with Two New Hires Chief Performance Officer and Chief Customer Officer
[To share your insights with us, please write to sghosh@martechseries.com]
