Log4Shell Is A Wake Up Call For Cloud Security: Report

Valtix has released new research findings highlighting how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. The research key findings include:

  1. 95% of IT leaders say Log4Shell was a wakeup call for cloud security, changing it permanently.
  2. 87% feel less confident about their cloud security now than they did prior to Log4Shell.
  3. 77% of IT leaders are still dealing with Log4J patches 3 months after the incident.
  4. 83% stated that Log4Shell has impacted their ability to address business needs. 
  5. 82% say visibility into active security threats in the cloud is usually obscured
  6. 86% agree it’s more challenging to secure workloads in a public cloud than in an on-prem data center
  7. Only 53% feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet
  8. 79% agreeing that agent-based security solutions are difficult to operationalize in the cloud
  9. 88% stated that bringing network security appliances to the cloud is challenging to the cloud computing operating model

I have a pair of comments on this research. The first is from Edward Roberts, VP of Marketing for Neosec:

“As the digital transformation has evolved the adoption of cloud services and use of APIs has skyrocketed. APIs are the connective tissue for most businesses today. Since most organizations have no inventory of their APIs, it is therefore no surprise that many organizations feel their API estate is insecure.”

Sanjay Raja, VP of Solutions, Gurucul is next with some commentary:

“Too many security vendors that claim to better secure the cloud have major flaws in their capabilities. For one, many have simply “lifted and shifted” on-premise-based security software and appliances to be supported in the cloud without specifically building them to cater to fundamental architecture differences. This severely impacts deploying them correctly and much worse, limits their capabilities, especially when being leveraging and operated by security operations for the purposes of threat detection, investigation and response. This is one way attackers are finding security gaps, especially gaps in cloud threat detection solutions and programs, that allow them to leverage Log4J vulnerabilities in cloud environments. Another factor is that few security solutions can be deployed across multi-cloud architectures even if they can correlate across multi-cloud. This limits their deployability in complex environments. Threat attackers take that further to spread and effectively hide attack campaigns across multi-cloud architectures that very few solutions have security analytics for helping security teams identify the scope of such an attack”. 

Log4Shell has changed the game and forced companies to rethink their security in the cloud. Or at least it should force companies to rethink their security in the cloud. Business leaders should read this report and give their security a good hard look to make sure that they aren’t the next victim of the next exploit that comes along.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: