IT leaders say Log4Shell was a wake-up call for cloud security

Data cloud lock

The Log4Shell vulnerability proved to be one of the major cybersecurity events of last year and its repercussions continue to rumble on.

Research from network security platform Valtix shows 95 percent of IT leaders say Log4Shell was a wake up call for cloud security, changing it permanently, and 87 percent feel less confident about their cloud security now than they did before the incident.

The study also shows that even three months after the incident, 77 percent of IT leaders are still dealing with Log4J patching with 83 percent stating that Log4Shell has impacted their ability to address business needs.

The study of 200 cloud security leaders across the US finds that despite better tools and knowledge, 78 percent still lack clear visibility into what’s currently happening in their cloud environment. 82 percent say visibility into active security threats in the cloud is usually obscured, and 86 percent agree it’s more challenging to secure workloads in a public cloud than in an on-premises data center.

Only 53 percent feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet.

“This research echoes what we are hearing from organizations daily: Log4Shell was a catalyst for many who realized that — even in the cloud — defense in depth is essential because there is no such thing as an invulnerable app,” says Vishal Jain, co-founder and CTO at Valtix. “Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and virtual patch while they could test updated software. They needed more advanced security for remote exploit prevention, visibility into active threats, or ability to prevent data exfiltration.”

The challenge of securing cloud systems is highlighted by the fact that 79 percent agree agent-based security solutions are difficult to operationalize in the cloud. Plus, 88 percent say that bringing network security appliances to the cloud is challenging to the cloud computing operating model.

You can find out more on the Valtix blog.

Image credit: everythingposs/

Author: Martha Meyer