Striking a balance between sufficient visibility into cloud computing environments and the potential for an overdose of false positives and duplicate alerts is the key challenge facing cloud security professionals, according to the State of Security Remediation report from the Cloud Security Alliance (CSA). The report, released today, detailed a raft of important issues facing IT professionals tasked with fixing security problems in cloud environments. Along with false positives and visibility, overly complex tooling, time-consuming manual tasks, and slower-than-needed response times were cited as problematic by large percentages of the 2,000 IT and security pros surveyed by the CSA.
Just 23% of respondents said that they had “full” visibility into cloud environments, a figure that reflects the increasing complexity of containerized and serverless architectures, the study found. “This lack of visibility can lead to security gaps and complicates the management and monitoring of these environments,” the study’s authors wrote.
Duplicate alerts and false positives stressing security teams
Yet the sheer volume of alerts themselves are already posing a challenge to security teams, according to the study, which found that 63% of respondents characterized duplicate alerts as a moderate-to-severe issue for them, similar to the 60% saying the same about false positives. Generally, this is a problem attributable to the proliferation of different security tools, many of which have overlapping functionality and poor or no integration with one another.
False alarms and duplicate alerts are only part of the problem posed by tooling sprawl, however. Well over half (61%) of respondents said they were using between three and six different detection tools for security purposes, with a strong minority saying that they were considering budget increases to pay for additional monitoring. “The introduction of additional tools without a unified process can lead to siloed remediation efforts, overlapping vulnerabilities, and a disjointed approach to threat prioritization,” wrote the authors.
The study, which was sponsored by cloud security remediation vendor Dazz, argues that more unified monitoring and management solutions must be used, and that channels of communication between security and development teams must be open and active. “As cybersecurity threats evolve, organizations must adapt by seeking better visibility into their code-to-cloud environment, identifying ways to accelerate remediation, strengthening organizational collaboration, and streamlining processes to counter risks effectively,” said Hillary Baron, the study’s lead author and senior technical director for research at CSA, in a press release.