With organizations under pressure to increase productivity, they are leveraging cloud services and modern development processes to rapidly release their applications in the cloud. While this provides opportunities for more accessibility and business for companies of all sizes and industries, security teams need to ensure they can secure their cloud applications that have complex connections to other applications and resources.

Unfortunately, basic network security hygiene remains a key issue. In fact, Enterprise Strategy Group research shows that 43% of organizations have experienced an attack on their public cloud infrastructure environment in the last 24 months.¹ In many cases, these incidents are the result of unforced errors rather than sophisticated adversaries using advanced tactics. Specifically, 32% experienced exploits of misconfigurations, 26% experienced exploits of open ports, and 23% saw unauthorized access by internal users.

Making efficient and effective use of the tools offered by cloud services providers (CSPs) should be a top priority for any security team. But it is critical that the CSPs enable this usage, prioritizing proactive visibility, insights, and context to help security teams identify the most critical risks and close the associated gaps in their security posture.

^1. Source: Enterprise Strategy Group Research Report, The Evolution of Network Security, October 2024. All Enterprise Strategy Group research references in this brief are from this report.