The State of
Cloud-Native Security
Report 2024

Generative AI is a groundbreaking force that puts organizations at the intersection of innovation and risk, requiring them to navigate unimaginable challenges and opportunities.

The State of Cloud-Native Security Report 2024, "the fourth annual report,“ aims to help organizations make the most of this cloud security transformation by revealing the trends and insights gleaned from discussions with more than 2,800 cloud security and DevOps professionals in 10 countries and five sectors of industry. Read on to learn more about how your peers are dealing with all the changes that are taking place.

The State of Cloud-Native Security Report 2024

The largest, most globally expansive market research on cloud-native security.

AI: Attack Vector or Accelerator?

AI: Attack Vector or Accelerator?

As AI continues to develop, only one thing is certain: it will be weaponized. That’s why 38% of organizations rank AI-powered attacks as their top concern in 2024, and 43% predict that AI-powered threats will become a common threat vector.

Security Risks with AI-Generated Code

AI-powered attacks are only half the problem. Forty-four percent of organizations are equally worried about risks related to AI-generated code and rightfully so. Autonomously created software and the rapid pace of AI-generated code development increase the likelihood of undetected security flaws and tax traditional security testing methods.

Embracing the Unknown

Despite expressing a healthy dose of fear and caution when faced with AI, organizations are optimistic. All survey respondents plan to embrace AI-assisted coding, and will tailor their security approach to account for it.

Balancing Tools, Vendors and Needs

Balancing Tools, Vendors and Needs

It’s no secret that cloud environments get complex very quickly. Respondents use an average of 12 cloud service providers and 16 cloud security tools—no wonder. 98% of them expressed a need for simplification and consolidation and emphasized the importance of reducing the number of security tools in use.

Although complexity has been a recurring theme in “The State of Cloud-Native Security Report,” there’s been little progress in eliminating it. The number of tools dedicated to cloud security has increased 60% from last year.

Data Protection in Fragmented Ecosystems

Data Protection in Fragmented Ecosystems

Data security is a big challenge for many organizations, with 50% conducting manual reviews to identify and classify sensitive data within the cloud. This is a problem, not just because manual reviews are time-consuming, error-prone and often incomplete, but because manual reviews result in gaps in data protection, leaving organizations vulnerable to breaches.

To make matters worse, 98% of organizations store sensitive data across multiple environments. More than half of survey respondents blame this complexity for the challenges of monitoring and controlling sensitive information and 48% claim that data protection is inadequately performed.

Security Incidents on the Rise

Because data is often spread across cloud environments, the attack surface of most organizations is vast. When coupled with a lack of comprehensive visibility, which increases opportunities for insider threats, it’s no surprise that 45% of respondents are seeing a rise in advanced persistent threats (APTs).

Year-over-year increases in security incidents were seen across the board. Nearly 50% of organizations reported an increase in downtime due to misconfiguration, compliance violations and insecure APIs (43% of organizations rank API risks as their No. 1 security concern) while 64% of organizations saw a rise in data breaches.

Addressing Collaboration Starts at the Top

Addressing Collaboration Starts at the Top

Conflict between cloud security and application development is likely to always exist and the results of this year’s report support that. Participants were vocal about the challenges they face, with 84% attributing delays with their project timelines to security processes, 83% viewing security as a burden, and 79% claiming their employees frequently ignore or work-around security processes.

The Backlog and the Blame Game

Because developers are compelled to deliver new features, updates and bug fixes as quickly as possible in order to meet business goals, security tickets pile up, go-to-market dates get missed, and a culture of scapegoating persists. Feedback on this issue was predictably divided—86% blame security for hindering software releases while 91% say developers need to produce more secure code.

And what about the 71% of organizations that report vulnerabilities resulting from rushed deployments? Most (92%) blame inefficient development and deployment and 71% blame stress, with 93% of respondents citing high turnover rates.

Risks, Realities and Cloud Security Strategies

Risks, Realities and Cloud Security Strategies

Tooling issues represent a big challenge when it comes to resolving security bugs and vulnerabilities. It impacts the development process for 40% of survey respondents, with 33% of security practitioners attributing legacy security tools to their inability to stay on top of threat vectors and citing alert noise as the cause of resolution delays.

It’s because of these challenges that the overarching themes of efficiency and effectiveness were such a major focus. More than 90% of respondents claim that the number of point tools they use create blind spots that make it hard to prioritize risk and prevent threats. A further 88% struggle to identify what security tools they need. Thankfully, teams were clear on what capabilities they need. Nearly 95% want a solution that provides immediate remediation steps and nearly as many agree that they’d benefit from a solution that automatically finds interconnected vulnerabilities and misconfigurations with the highest potential of a successful attack.

The State of
Cloud-Native Security Report

See what's working in cloud-native security

Prisma Cloud logo
Prisma Cloud

Get the free trial to start securing your cloud-native applications today.

See more.
Stop more.
Respond faster.

Cloud-Native Security Report Archive

The State of Cloud-Native Security Report 2023

Life in the cloud moves fast, much faster than we’d have imagined 12 months ago. And complexity is ubiquitous, obstinate and an undermining force when it comes to securing cloud-native environments.

Read more

The State of Cloud-Native Security Report 2022

Surveying security and DevOps leaders at the forefront of the cloud-native ecosystem reveals how organizations approach cloud adoption, including lessons from successful and less-successful programs.

Read more

The State of Cloud-Native Security Report 2020

Cloud adoption is accelerating — and so are the challenges that organizations face when moving workloads to the cloud and expanding their cloud estates.

Read more