Intelligent CIO Europe Issue 68 | Page 70

INTELLIGENT BRANDS // Enterprise Security

Over a third of UK organisations say software supply chain security is biggest risk to their business

Aqua Security, a pioneer in cloud native security, has announced the results of a recent study which reveals that, while UK firms are realising the benefits of cloud native security, the software supply chain has become a top security concern for them.

The survey was conducted at Cloud Expo Europe in March 2023 and gathered insights from 100+ cloud professionals who attended the event. Compared with a similar survey conducted at the same event in 2022, the results indicate an increase of 18.6% from the previous year to 36.9% of respondents believing supply chain security to be the biggest security risk to their business. Overall, there has been some improvement over the last 12 months in understanding cloud native security risks, but there is heightened confusion over new regulations and significant fears in regard to supply chain security.

Key results included:
• Almost half (47.1%) of respondents chose open-source vulnerabilities as their main software supply chain concern.
• 34% of organisations now have a cloud native security strategy in place for 2023, compared to 21.2% in 2022.
• Barriers to effective cloud native security included lack of understanding (42.7%), limited or lack of budget (38.8%) and perceived difficulty of implementation (29.1%).

New regulations causing concern

New compliance obligations in regard to supply chain security, such as Executive Order 14028 in the US, were a cause for concern for many respondents. But only 36.9% were confident in their ability to adopt new guidelines or frameworks. Furthermore, few organisations planned to implement supply chain security standards – only 22.3% were planning to adopt SBOM standards such as CycloneDX or SPDX and only 10.7% were planning to implement NIS2 guidelines.

Signs of progress, but barriers still in place

Despite their concerns, the survey did indicate that progress has been made over the last year when it comes to cloud native security. A total of 34% of organisations now have a cloud native security strategy in place for 2023, compared to just 21.2% in 2022. Furthermore, there was an increase in the number of organisations that indicated responsibility for cloud native security sits with both IT security and DevOps teams, up from 20.2% to 28.2%. Understanding and awareness also appear to have increased, with 46.6% of respondents familiar with the term CNAPP (Cloud Native Application Protection Platform), the cloud native security category introduced by analyst firm Gartner, a 47% increase over the previous year. Furthermore, the number of respondents who cited a lack of understanding as a barrier to a successful Cloud Native Security Strategy decreased by 12.9% from last year, to 42.7%.

However, there are still some significant barriers to effective cloud native security. Limited or lack of budget was cited as an obstacle by nearly 38.8% of respondents and 29.1% stated that they thought cloud native security was complicated or hard to implement.