Sumo Logic Finds Attack Surface Expanding

An annual report published today by Sumo Logic, a provider of security tools delivered as a cloud service, highlights the degree to which security has fundamentally shifted in the age of the cloud.

Based on an analysis of data culled from more than 2,100 Sumo Logic customers, the report finds the attack surface has expanded considering as more organizations employ multiple clouds. The use of multiple clouds by organizations has grown 70% year over year, the report finds.

A full 59% of respondents are still only using Amazon Web Services (AWS), but the number of organizations employing multiple clouds now stands at 18%, with another 15% relying on both public clouds and on-premises IT environments.

Bruno Kurtic, vice president of strategy and solutions at Sumo Logic, said organizations clearly are relying more on the cloud, especially as IT teams continue to work from home to help combat the spread of the COVID-19 pandemic. Most digital business transformation initiatives revolve around a cloud application deployment, he noted.

While AWS remains the most dominant cloud platform, there has been a significant increase adoption of the Microsoft Azure cloud, according to the report. In fact, 8% of respondents said they are using Microsoft Azure only.

The report also notes that the use of multiple services within each cloud is expanding. A typical application running on Amazon Web Services (AWS), for example, can now access as many as 26 services, up from 15 last year. The top 10 adopted services in AWS are AWS Security Token Service, Amazon S3, AWS Key Management Service, AWS Identity Access Management, Sign In, AWS EC2, logs, AWS CloudTrail, SNS and AWS Lambda.

Most customers are making use of at least two AWS regions and have two AWS accounts, according to the report.

Kurtic noted the use of cloud-native technologies on these platforms has risen sharply as well. Over 85% of businesses are choosing Kubernetes to build and operate applications across multiple clouds, with more than 40% of the company’s customers using AWS employing some type of container orchestration capability. Overall, usage of Docker containers grew 9% in the last year, according to the report.

The adoption of serverless computing platforms has also grown sharply—37% of organizations employing AWS also make use of AWS Lambda.

In terms of tools employed by AWS customers, CloudTrail (60%), VPC Flow Logs (34%) and GuardDuty (22%) are the most widely employed.

Kurtic said the report also surfaced a slight shift in cyberattack patterns, especially since the beginning of the pandemic. More attacks originated in Russia and India. Overall, AWS regional centers in the U.S. and European Union (EU) were the top targets for cyberattacks.

As the attack surface continues to expand, the report suggests that organizations are evolving their approach to cybersecurity in response. Over 41% of Sumo Logic customers are using the company’s platform to monitor their source code repository, build/continuous integration, artifact repository, test, continuous delivery/pipeline, automation or release automation tools. That suggests there is more focus on employing best DevSecOps practices.

Less clear is to what degree those efforts will result in more secure IT environments. However, given the scope of the challenge at hand, more organizations are embracing best DevSecOps practices to secure cloud applications if they hope to have any chance of success.