Sysdig report: Speed over prevention for cloud security

February 1, 2024



Sysdig has announced the findings from its “2024 Cloud-Native Security and Usage Report”, with the seventh annual report detailing the dangerous practice of putting convenience before preventive security in pursuit of faster application development.  

This report comes on the heels of significant infrastructure breaches across well-known organisations and the recently updated SEC Cybersecurity and Disclosure Rules. 

Derived from an analysis of millions of containers and thousands of cloud accounts, users and roles, the “2024 Cloud-Native Security and Usage Report” explores how companies of all sizes and industries across the globe are using and securing cloud and containerised environments.  

Sysdig report highlights  

69% of enterprises have yet to embed AI into their cloud environments: While 31% of companies have integrated AI frameworks and packages, only 15% of these integrations are used for generative AI tools such as large language models (LLMs).  

Considering the risk acceptance described in this year’s report, organisations are ignoring security best practices, yet they are cautious when it comes to implementing AI into their enterprise environments. 

91% of runtime scans fail: In shift-left security, organisations scan early and often during the development phase, recognising failed builds, correcting the code and then redeploying.  

The goal is to catch issues before delivery and before they become exploitable conditions for attackers.  

However, with 91% of runtime scans failing, teams appear to be relying more on threat detection than prevention. 

Only 2% of granted permissions are being used: Identity management – for both humans and machines – has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities.  

In last year’s report, Sysdig saw 90% of permissions going unused, showing that this trend has worsened year over year.  

Shorter container lifespans are not stopping attackers: The homogenous nature of cloud environments and attackers’ usage of automation for discovery and reconnaissance gives them a near-instant understanding of cloud environments and their opportunities to move laterally. 

Running vulnerable workloads, no matter how short-lived, leaves organizations at risk for attacks. 

Faster does not mean safer  

Attackers are leveraging automation to exploit every point of weakness they can uncover,” said Crystal Morin, Cybersecurity Strategist at Sysdig.  

“This year’s report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks.” 

“Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities,” added Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig.  

It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on.” 

More Security News

Read Next

Security Journal UK

Subscribe Now

£99.99 for each year
No payment items has been selected yet