A recent report by Venafi highlights urgent concerns over machine identity security in cloud-native environments, revealing alarming trends and challenges faced by organisations in 2024.
In a recent report released by Venafi, a CyberArk company, findings illustrate the increasing complexity and urgency of machine identity security in cloud-native environments. This second annual research initiative surveyed 800 security and IT professionals from various large organisations across the United States, United Kingdom, France, and Germany. The report, titled “The Impact of Machine Identities on the State of Cloud Native Security in 2024,” reveals critical insights into current trends and challenges affecting cloud security.
The report’s findings indicate that many organisations are facing significant security threats in their cloud native environments. Alarmingly, 86% of the surveyed entities reported experiencing a security incident related to their cloud infrastructure within the previous year. The repercussions of these incidents have been severe; 53% of organisations reported delays in application launches or a slowdown in production timelines, 45% experienced service outages, and 30% acknowledged that attackers have gained unauthorized access to sensitive data, networks, or systems.
Key threats emerging from this research outline the concern many security leaders have regarding machine identities, particularly service accounts. A notable 88% of security professionals expressed the belief that machine identities – especially access tokens linked to service accounts – represent the next frontier of threats. Over half (56%) of these professionals have witnessed security incidents that were directly associated with machine identities.
Furthermore, the report highlights a potential shift in the nature of cyber threats, particularly concerning supply chain attacks. A significant 77% of security leaders believe that AI poisoning could become a prevalent method for attacking software supply chains. Despite this, 61% noted that senior management’s focus on supply chain security has waned over the past year, presenting an area of risk yet to be fully addressed.
The relationship between security teams and developers presents an additional hurdle within many organisations. An overwhelming 68% of security leaders convey concern that security personnel and developers will continue to have conflicting priorities. Additionally, 54% of respondents feel that they are fighting a losing battle in advocating for a security-first approach among developers.
“Attackers are now actively exploring cloud native infrastructure,” remarked Kevin Bocek, Chief Innovation Officer at Venafi, speaking to Business Wire. “A massive wave of cyberattacks has now hit cloud native infrastructure, impacting most modern application environments. To make matters worse, cybercriminals are deploying AI in various ways to gain unauthorized access and exploiting machine identities using service accounts on a growing scale.”
The survey also sheds light on the rising threats specifically related to artificial intelligence in cloud native security. Concerns about AI poisoning, model theft, and AI-enhanced social engineering tactics are significant, affecting 77%, 75%, and 73% of respondents, respectively. Bocek further stated that while AI has the potential to transform industries positively, it is imperative to bolster security measures against possible hijacks or corruptions of AI models.
The report elucidates the growing security complexities tied to machine identities. Notably, 74% of security leaders identified human error as the weakest link in the security chain concerning machine identities. Furthermore, a substantial 89% acknowledged challenges in managing and securing secrets at scale, indicating a pressing issue for organisations striving to maintain security across diverse cloud environments.
Bocek concluded with a critical call for prioritisation of machine identity security alongside human identities. “Security teams must prioritise machine identity security to the same degree as human identities,” he stated. He emphasised that automated, end-to-end machine identity security solutions are available to enhance cloud native security, thus enabling operational stability and fostering business growth.
With security incidents rising and organisations increasingly vulnerable to sophisticated cyber threats, the insights gleaned from this report provide crucial information for understanding and navigating the state of cloud native security in the coming years.
Source: Noah Wire Services
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Corroborates the findings of Venafi’s research report on machine identity security in cloud-native environments, including the survey of 800 security and IT professionals and the reported security incidents.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Details the severe repercussions of security incidents in cloud-native environments, such as delays in application launches, service outages, and unauthorized access to sensitive data.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Highlights the concern among security leaders about machine identities, especially service accounts, as the next frontier of threats.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Discusses the potential shift in cyber threats, including AI poisoning as a method for attacking software supply chains and the waning focus on supply chain security by senior management.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Addresses the conflict between security teams and developers, including the difficulty in advocating for a security-first approach among developers.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Quotes Kevin Bocek on the active exploration of cloud-native infrastructure by attackers and the use of AI to exploit machine identities.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Highlights concerns about AI-related threats such as AI poisoning, model theft, and AI-enhanced social engineering tactics in cloud-native security.
- https://www.securityinfowatch.com/cybersecurity/press-release/55249935/venafi-machine-identities-are-next-big-cyber-target-venafi-research-finds – Discusses the growing security complexities tied to machine identities, including human error and challenges in managing and securing secrets at scale.
- https://venafi.com – Provides context on Venafi’s role in machine identity management and the complexities of managing machine identities in cloud-native environments.
- https://venafi.com/blog/fearlessly-forging-on-5-takeaways-from-machine-identity-security-summit-2024/ – Supports the importance of comprehensive visibility, automation, and crypto-agility in managing machine identities, especially in the context of emerging threats like AI and quantum computing.