SUSE: Cloud security incidents down this year, but companies remain vigilant

Companies are experiencing fewer cloud security incidents this year than in years past, yet they still have concerns related to cloud and edge.

This is according to SUSE’s latest Securing the Cloud report, which surveyed 820 IT engineers, architects, developers, security managers, and directors across the US, Germany, UK, France, and the Netherlands. 

According to SUSE’s research, companies experienced an average of 2.3 cloud-related security incidents in the past year, which is down from four last year. Seventy percent of respondents experienced at least one cloud security incident in the last 12 months (compared to 88% last year), and 62% of respondents experienced at least one edge security incident in that time frame. 

For IT leaders, ensuring data privacy and compliance with regulation is their top challenge of working with and securing edge data, with 37% of respondents saying so. Eighty-six percent of the respondents said they would be more willing to migrate additional workloads to the cloud or edge if they were assured their data was protected.

This year ransomware was the top cloud security concern (38% of respondents), whereas in previous years, data stores were the top concern. Secondary concerns included “data theft and crypto mining within clusters, attacks on running services using unknown vulnerabilities, visibility and controls to sensitive data being accessed in the cloud, and monitoring and alerts on malicious activities behaviors” — all at 24%. 

Generative AI is also posing new threats to cloud security. The top two concerns that respondents have in regards to GenAI are AI-powered cyberattacks (66% of respondents) and privacy and data security (65%). Other concerns include vulnerabilities in the AI supply chain and data poisoning. 

US respondents were more likely to view generative AI as a risk to their security strategy across all categories compared to European respondents. 

And finally, SUSE found that 25% of IT decision makers plan to prioritize supply chain related security certifications this year. Respondents believe that in-house auditing of third-party software is the most important step they can take to mitigate risk of software supply chain attacks.

In the next few years, twenty-four percent of respondents plan to re-evaluate software bill of materials (SBOM) depth, quality, and security; 15% plan to revisit build quality, and 14% will prioritize source-code auditability.