CIO Influence
CIO Influence News Security

More Than a Third of UK Organisations Believe Inadequate Software Supply Chain Security Is the Biggest Security Risk to Their Business, Reveals New Aqua Security Study

More Than a Third of UK Organisations Believe Inadequate Software Supply Chain Security Is the Biggest Security Risk to Their Business, Reveals New Aqua Security Study

Aqua Security, the pioneer in cloud native security, has announced the results of a new study which reveals that, whilst UK firms are realising the benefits of cloud native security, the software supply chain has become a top security concern for them.

The survey was conducted at Cloud Expo Europe in March 2023 and gathered insights from 100+ cloud professionals who attended the event. Compared with a similar survey conducted at the same event in 2022, the results indicate an increase of 18.6% from the previous year to 36.9% of respondents believing supply chain security to be the biggest security risk to their business. Overall, there has been some improvement over the last 12 months in understanding cloud native security risks, but there is heightened confusion over new regulations, and significant fears in regards to supply chain security.

Key results included:

  • Almost half (47.1%) of respondents chose open-source vulnerabilities as their main software supply chain concern.
  • 34% of organisations now have a Cloud Native Security strategy in place for 2023, compared to 21.2% in 2022.
  • Barriers to effective Cloud Native Security included lack of understanding (42.7%), limited or lack of budget (38.8%) and perceived difficulty of implementation (29.1%)

CIO INFLUENCE: Datometry Releases Driver Integration for BigQuery, Further Future-Proofing Its Customers’ Investments

“High-profile supply chain attacks have likely drawn organisations’ attention to an issue that has slowly been festering over the last few years,” explained Rani Osnat, SVP of strategy at Aqua Security. “Hopefully, greater concern will lead to greater action, and organisations will implement true end-to-end security solutions to keep their software supply chain secure.”

New regulations causing concern

New compliance obligations in regards to supply chain security, such as Executive Order 14028 in the U.S., were a cause for concern for many respondents. But only 36.9% were confident in their ability to adopt new guidelines or frameworks. Furthermore, few organisations planned to implement supply chain security standards – only 22.3% were planning to adopt SBOM standards such as CycloneDX or SPDX, and only 10.7% were planning to implement NIS2 guidelines.

Signs of progress, but barriers still in place

Despite their concerns, the survey did indicate that progress has been made over the last year when it comes to Cloud Native Security. Thirty four percent of organisations now have a Cloud Native Security strategy in place for 2023, compared to just 21.2% in 2022. Furthermore, there was an increase in the number of organisations that indicated responsibility for Cloud Native Security sits with both IT Security and DevOps teams, up from 20.2% to 28.2%.

CIO INFLUENCE: Ericsson presents a Green Financing Framework

Understanding and awareness also appears to have increased, with 46.6% of respondents familiar with the term CNAPP (Cloud Native Application Protection Platform), the cloud native security category introduced by analyst firm Gartner, a 47% increase over the previous year. Furthermore, the number of respondents who cited a lack of understanding as a barrier to a successful Cloud Native Security Strategy decreased by 12.9% from last year, to 42.7%.

However, there are still some significant barriers to effective Cloud Native Security. Limited, or lack of budget was cited as an obstacle by nearly 38.8% of respondents, and 29.1% stated that they thought Cloud Native Security was complicated or hard to implement.

Osnat concluded: “It’s encouraging to see progress in the UK on Cloud Native Security awareness. With Gartner estimating that more than 95% of new apps will be deployed on cloud-native platforms by 2025, it’s vital that this becomes a key security priority. More must still be done to ensure that security and DevOps teams are armed with the knowledge and solutions needed to stop Cloud Native attacks across the application lifecycle.”

CIO INFLUENCE: Apprentice Now Joins Amazon Web Services Training Partner Program to Deliver AWS Cloud Skills Training

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Lumentum Announces Completion of Cloud Light Acquisition

Business Wire

Palo Alto Networks Closes Talon CyberSecurity Acquisition and Offers Free Enterprise Browser to SASE AI Customers

CIO Influence News Desk

Ekinops Upgrades IKOULA Data Center Interconnection Links Enabling Cloud Services on French Network

CIO Influence News Desk