THE STATE OF CLOUD-NATIVE SECURITY 2023 REPORT

THE ONLY CONSTANT IS CHANGE

Few can relate to the adage like cloud security professionals. Cloud security is dynamic and unpredictable, but the move to hybrid work has accelerated change and increased the complexity of application security. As cloud-native application development evolves, so too do organizations' cloud infrastructure (80% of survey respondents say their cloud infrastructure is evolving).

What's more, the cloud has changed the applications lifecycle, with DevOps now delivering production code at warp speed and security personnel struggling to keep pace. More than 75% of respondents from this year's survey are deploying new or updated code to production weekly, and almost 40% are committing new code daily. Add to that the ratio of ten developers for every security professional [1, 2] and the potential for challenges in scale and complexity are not difficult to understand.

In contrast to on-prem environments, cloud computing follows a shared responsibility model. Responsibility for the infrastructure (e.g., compute, networking, and storage) is held with the cloud service provider (CSP) and responsibility for security is shared between the CSP and their customers. But the sharing stops when it comes to responsibility for customers' applications, data, and access management. Organizations' security and development teams own this responsibility and must collaborate to successfully secure their cloud environments.

To equip these teams with the resources they need, it's necessary to understand the challenges they face (whether emergent or perennial), the solutions they use, and the effectiveness of solutions in helping them meet their responsibilities. How are organizations choosing security tools, and how are those tools being operationalized? Which practices are producing the best security outcomes, and which are hampering efforts? We explored these questions and others in our annual multi-industry survey on the state of cloud-native security.

1. Occupational Outlook Handbook: Software Developers, Quality Assurance Analysts, and Testers, Bureau of Labor Statistics.
2. Occupational Outlook Handbook: Information Security Analysts, Bureau of Labor Statistics.

WHAT DID WE FIND?

Shift-left security is accelerating.
Decisions on tooling have become clouded by complexity.
Collaboration across teams is essential to better security outcomes.

Since unaddressed vulnerabilities can be exploited in production, it's critical to catch and fix these vulnerabilities early in the application development lifecycle. Our survey revealed that risks introduced early in application development are the #1 concern. Known vulnerabilities, embedded malware, and sensitive data, such as secrets or configuration data, are some examples of early risks. To catch emergent threats upstream, security teams turn to tools such as code repo scanning, software composition analysis (SCA), and registry scanning.

Overwhelmed by the proliferation of discrete tooling options, more than 75% of respondents reported that their organization struggles to identify which security tools can help them meet their needs. The sheer number and role of each discrete tool can present operational headaches and further isolate silos, often creating blind spots in an organization's security posture.

Unlike traditional security, the cloud requires users to unite disparate teams around a common goal. To do this, organizations need to be intentional about breaking down silos. Our survey shows 81% of enterprises have embedded security professionals in their development and operations team. From here, organizations must stay attuned to friction as it arises and develop a security architecture that inspires confidence and doesn't slow DevOps processes down.

TABLE OF CONTENTS

Executive Summary
Key Findings
Introduction
How Enterprises Are Migrating to the Cloud
Application Velocity in Cloud-Native Enterprises
Cloud Complexity
Implications for Security Teams
How Enterprises Are Approaching Security
How Application Developers Are Shaping Security
The Path Forward
Recommendations

The third annual State of Cloud-Native Security Report examines the evolving security practices, tools, and technologies that organizations around the world are employing to take advantage of cloud services and new application tech stacks.

Fielded from November 21 to December 14, 2022, the survey gathered data from 2,500-plus respondents in seven countries, including the United States, Australia, Germany, France, Japan, Singapore, and the United Kingdom.

• All major industries were included in the sample, with representation from consumer products and services, energy resources and industrials, financial services, healthcare, technology, media, and telecommunications.
• More than 50% of the sample came from enterprise-sized organizations (over $1B in annual revenue).
• Respondents were split evenly between executive leadership and practitioner-level roles to understand sentiments broadly across organizations. Practitioner-level respondents were restricted to those who work in development, IT or information security functions.
• All respondents reported themselves knowledgeable and familiar with their organization's cloud operations and cloud security and were sourced from professional survey panels.

Palo Alto Networks partnered with The Fossicker Group, a majority woman-owned, full-service research firm, on all elements of this year's report, including survey design, fieldwork, analysis, narrative, data visualizations, and report design.

CLOUD MIGRATION IS STILL GROWING

Simila