Research: Log4Shell a Wake Up Call For Cloud Security With Patching Efforts and Business Impacts Continuing Into 2022
Report highlights key trends in cloud workload security following Log4Shell
SANTA CLARA, Calif., April 28, 2022 -- Valtix, the industry’s first multi-cloud network security platform as a service, today released new research that highlights how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. The research found that 95% of IT leaders say Log4Shell was a wake up call for cloud security, changing it permanently, and that 87% feel less confident about their cloud security now than they did prior to the incident. The research also found that even 3 months after the incident, 77% of IT leaders are still dealing with Log4J patching with 83% stating that Log4Shell has impacted their ability to address business needs.
Log4Shell was a significant zero-day vulnerability in the Log4J developer library that posed a critical risk to much of the Internet. The humble piece of open source software – ubiquitous with enterprise apps and cloud services – quickly became the worry of IT teams, executives and boards, as they scrambled to protect their most valuable data, systems, and platforms. In March 2022, Valtix worked with an independent research firm to survey 200 cloud security leaders across the U.S. to better understand how the incident changed how IT teams look at and secure their cloud workloads.
The research found that despite better tools and knowledge, 78% of IT leaders still lack clear visibility into what’s currently happening in their cloud environment:
- 82% say visibility into active security threats in the cloud is usually obscured
- 86% agree it’s more challenging to secure workloads in a public cloud than in an on-prem data center
- Only 53% feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet
“This research echoes what we are hearing from organizations daily: Log4Shell was a catalyst for many who realized that – even in the cloud – defense in depth is essential because there is no such thing as an invulnerable app,” said Vishal Jain, co-founder and CTO at Valtix. “Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and virtual patch while they could test updated software. They needed more advanced security for remote exploit prevention, visibility into active threats, or ability to prevent data exfiltration.”
Additionally, respondents were near universal in confirming challenges associated with bringing endpoint security agents and firewall appliances to the cloud from their datacenters with:
- 79% agreeing that agent-based security solutions are difficult to operationalize in the cloud
- 88% stated that bringing network security appliances to the cloud is challenging to the cloud computing operating model
“Security leaders are still dealing with the impacts of Log4Shell,” said Davis McCarthy, principal security researcher at Valtix. “Although many have lost confidence in their existing approach to cloud workload protection, the research shows they are taking action in 2022 by prioritizing new tools, process changes, and budget as it relates to cloud security.”
A complimentary copy of the full report can be downloaded here.
Valtix is on a mission to enable organizations with security at the speed of the cloud. Deployable in just 5 minutes, Valtix was built to combine robust multi-cloud security with cloud-first simplicity and on-demand scale. Powered by a cloud-native architecture, Valtix provides an innovative approach to cloud network security called Dynamic Multi-Cloud Policy (™), which links continuous visibility with advanced security controls. The result: security that is more effective, adaptable to change, and aligned to cloud agility requirements. Valtix has been recognized as an innovator in numerous industry awards including 2021 top honors in the “Next-Gen in Cloud Security” from Cyber Defense Magazine, SINET-16 Innovator recognition, and inclusion in Gartner’s Cool Vendors in Cloud Networking report. Get started with the free tier and a cloud risk assessment at Valtix.com.
Lumina Communications for Valtix