Skip to main content
close search
site logo
Dive Brief

Cloud security pros expect elevated risk for serious data breaches

Just one in five cybersecurity and engineering pros escaped the previous year without incident.

Published Sept. 19, 2022
Matt Kapko's headshot
Senior Reporter
Golden circuit cloud showing cloud computing technology
PhonlamaiPhoto via Getty Images

First published on

Cybersecurity Dive

Dive Brief:

  • A majority of cloud security and engineering professionals expect cloud data breach risks to increase over the next year, according to an annual report on the state of cloud security published Tuesday by Snyk. 
  • The heightened risk profile is consistent with the data breaches, leaks and intrusions organizations suffered in their cloud environments last year. Four out of five respondents said their organization suffered a serious cloud security incident last year, including breaches, leaks, intrusions, compliance violations, failed audits, system downtime and cryptomining.
  • Companies primarily using the cloud to host migrated applications suffered cloud security incidents most often, an experience reported by nearly nine out of 10 professionals surveyed. Serious cloud security incidents also impacted companies hosting third-party apps or building and running in-house apps in the cloud at a rate of at least 70%, the report said.

Dive Insight:

The perception of growing risk amid common occurrences accentuates the persistent cloud security challenges organizations confront as they deploy and invest in more cloud infrastructure.

System downtime due to misconfiguration and cloud data breaches were the most commonly reported security incidents among the 400 cloud engineers and security professionals surveyed. Snyk commissioned Propeller Insights to conduct the survey during the second quarter of 2022.

Just one out of five respondents reported no major cloud security incidents. However, a quarter of professionals said they worry their organization unknowingly suffered a data breach recently.

This gap in cloud infrastructure visibility underscores the increased complexity organizations encounter in cloud-native infrastructure. Two-fifths of respondents said cloud-native service and architecture adoption inflicts a major impact on cloud security efforts due to additional complexity.

Granting API access to the cloud control plane for cloud development and configuration opens a potentially expansive attack surface for threat actors to target.

“Every major cloud data breach involves attackers compromising the cloud API control plane for discovery, movement and extraction,” the report said. These attacks exploit architectural misconfigurations involving more than one resource. 

Containers introduce additional cloud security risks, according to Snyk. One in five respondents that are using container-based architectures reported no container-related security issues.

Lackluster cloud security efforts cause application deployment delays and impose significant demands on cloud engineering and security teams, the report said. Respondents cited a lack of cloud security policy awareness as the leading cause of cloud security failures.

Filed Under: Security

Editors' picks

  • A group of flags on flag poles stand underneath one large blue flag, which features a circle of gold stars in the middle.
    Image attribution tooltip
    Johannes Simon via Getty Images
    Image attribution tooltip

    The EU AI Act is here: What can CIOs expect?

    The act took effect Thursday, but enforcement deadlines are spread out through 2027. The act could have a similar global influence to GDPR.

    By Lindsey Wilkinson • Aug. 1, 2024
  • Google's headquarters
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Google ties billions in revenue this year to generative AI

    Alphabet CEO Sundar Pichai said underinvesting in the technology is a larger risk than overinvesting, as vendors pour resources into developing chips, models and infrastructure. 

    By Lindsey Wilkinson • July 24, 2024

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Editors' picks
  • A group of flags on flag poles stand underneath one large blue flag, which features a circle of gold stars in the middle.
    Image attribution tooltip
    Johannes Simon via Getty Images
    Image attribution tooltip

    The EU AI Act is here: What can CIOs expect?

    The act took effect Thursday, but enforcement deadlines are spread out through 2027. The act could have a similar global influence to GDPR.

    By Lindsey Wilkinson • Aug. 1, 2024
  • Google's headquarters
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Google ties billions in revenue this year to generative AI

    Alphabet CEO Sundar Pichai said underinvesting in the technology is a larger risk than overinvesting, as vendors pour resources into developing chips, models and infrastructure. 

    By Lindsey Wilkinson • July 24, 2024
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell