Under Attack?
Search
Menu

Organizations Experience Multi-Cloud ‘Whiplash’ as Application Threats Grow

By Eyal AraziNovember 9, 2023

Whereas 2022 was characterized by the rapid expansion of organizations to the multi-cloud, 2023 has been characterized by consolidation of cloud environments, alongside a greater appreciation of the security challenges of the multi-cloud.

Radware released today the 2023 edition of its Application Security in a Multi-Cloud World report, highlighting key statistics and trends in cloud security and web application protection.

Multi-Cloud Adoption Experiences ‘Whiplash’ Effect…

One main difference we saw in this year’s report compared to last year’s report was in the rate of adoption of multi-cloud environments. Whereas in 2022, 58% of organizations deployed applications across two or more public cloud environments, according to the 2023 data, only 24% of organizations deploy applications on multiple cloud environments. And while in 2022, 21% of organizations were using three or more cloud environments, in 2023 only a negligible percentage of organizations seem to be doing so.

At the same time, the concerns about security threats to multi-cloud environments have risen sharply. While in 2022 only 26% of organizations thought that security policy consistency across multiple cloud platforms was a ‘problem’ or ‘extreme problem,’ in 2023 this figure has more than doubled to 56% of organizations who see it as a problem or extreme problem. Likewise, concerns about protection coverage between platforms have risen from 38% in 2022 to 61% who are worried about it in 2023, and concerns about unified logging and reporting rose sharply from 41% in 2022 to 58% in 2023.

These findings indicate a significant drawback from multi-cloud adoption, and consolidation around a smaller number of public cloud environments. The rise in concerns about multi-cloud security might be inversely correlated with finding, that as concerns about multi-cloud application security rise, organizations are less inclined to deploy web applications across multiple platforms.

… But Hybrid is Still King

However, it should be noted that the overall adoption of public cloud infrastructure has not diminished. According to Radware’s 2023 report, 100% of organizations use the public cloud, which is a slight increase over last year (where ‘only’ 99% of organizations were using the public cloud).

Moreover, while the adoption of multiple public clouds has stalled, most organizations still deploy applications in a hybrid architecture comprising of on-premises, private cloud and public cloud environments.

In this year’s report, 73.3% of organizations are still using their on-premises data centers, and 70% are using a private cloud environment. According to this year’s report, 87% of organizations currently use a combination of two or three types of environments (on-prem, public cloud, or private cloud), and 46.4% of organizations use all three in tandem. In fact, less than 1% of organizations use only a single environment, and in all cases that was a public cloud environment.

Web Application Threats Grow in Scope and Frequency

At the same time, the threat landscape for web applications is getting more dangerous. According to Radware’s 2023 data, the frequency of attack has increased across the four main types of web application attack vectors – application vulnerabilities, bot attacks, API attacks and DDoS attacks.

Whereas in 2022, an average of 29% of organizations experienced such attacks on a daily or weekly basis, this year 42% of organizations experienced attacks on average on a daily or weekly basis:

  • 45.6% of organizations experienced a web application attack on a daily or weekly basis
  • 45.5% of organizations experienced bot attacks on a daily or weekly basis
  • 43% of organizations experienced attacks against their APIs on a daily or weekly basis
  • 31% of organizations experienced a DDoS attack on a daily or weekly basis

In contrast, while last year an average of 30% claimed to rarely or ever see any of these attacks, in 2023 this figure dropped to 12%, indicating that more organizations are being attacked more than ever before.

APIs More Important, More Attacked Than Ever

One of the main findings of this year’s report is how the usage of APIs has grown, and how APIs have become critical to the business success of the organization. At the same time, APIs are more targeted than ever before.

Usage of internally developed APIs has grown in 2023, with 87% of organizations increasing their usage. Only 13% of organizations said their usage of APIs has remained the same as in the previous year, and no organization saw a decrease in API usage. At the same time, 67% of organizations see APIs as ‘very important’ or ‘extremely important’ to the business success of the organization, and this figure is expected to rise to 85% in 12 months.

However, attacks against APIs have also seen a sharp rise, with 68% of respondents seeing them on a daily, weekly, or monthly basis, compared to only 55% from last year. Moreover, last year 18% of respondents claimed to have never faced an API attack, whereas this year, less than 2% claimed to have never seen an attack on their APIs.

Impact of DDoS Attacks is More Than Just Financial

Finally, the past year has seen an increase in DDoS attacks, as well, especially with application-layer attacks. In 2023, 60% of respondents saw DDoS attacks on a monthly basis or more frequently, compared to 53% last year.

Loss of revenue was the top-rated business impact, with 78% of organizations indicating it is a ‘significant’ or ‘extremely significant’ concern. The overall average cost of a DDoS attack was $6,130 per minute, or $367,797 per hour.

Other concerns included regulatory fines (71.3%), bad press (69.3%), damage to corporate brand (62.9%) and customer churn (55.9%). Interestingly, 50% of respondents were worried about personal career consequences from a security breach, showing that these concerns can impact not just at the organizational level, but at the personal level, as well.

Read the Report to Find Out More

For additional findings, including many findings not covered here, download Radware’s full Application Security in a Multi-Cloud World 2023.

Radware will also be hosting a webinar to discuss these findings in detail. Sign up below, based on your location / time zone:

Posted in: Application ProtectionTags:

Eyal Arazi

Eyal is a Product Marketing Manager in Radware’s security group, responsible for the company’s line of cloud security products, including Cloud WAF, Cloud DDoS, and Cloud Workload Protection Service. Eyal has extensive background in security, having served in the Israel Defense Force (IDF) at an elite technological unit. Prior to joining Radware, Eyal worked in Product Management and Marketing roles at a number of companies in the enterprise computing and security space, both on the small scale startup side, as well as large-scale corporate end, affording him a wide view of the industry. Eyal holds a BA in Management from the Interdisciplinary Center (IDC) Herzliya and a MBA from the UCLA Anderson School of Management.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?