ARMO announced the results of its inaugural
"The State of Cloud Runtime Security" survey. The survey uncovers
critical challenges enterprises face in managing cloud security
effectively.
The responses of over 300 SecOps stakeholders and cybersecurity
leaders reveal that security teams face significant challenges due to an
overwhelming volume of alerts, which results in a very low signal-to-noise
ratio. In fact, the survey found that security teams must sift through roughly
7,000 alerts to find a single active threat. This is exacerbated by excessive
tool sprawl, which actively damages key performance indicators like mean time to
detection (MTTD) and response (MTTR) by forcing security teams to manually
piece together complete attack narratives across disconnected systems. This
results in dangerous blind spots, inefficiencies and delays in identifying and
responding to real threats.
"Over the past few years we've seen rapid growth in the adoption
of cloud runtime security tools to detect and prevent active cloud attacks and
yet, there's a staggering disparity between alerts and actual security
incidents," said Shauli Rozen, CEO and Cofounder at ARMO. "Without the critical
context about asset sensitivity and exploitability needed to make sense of what
is happening at runtime, as well as friction between SOC and Cloud Security,
teams experience major delays in incident detection and response that
negatively impact performance metrics."
Key survey findings:
- 89% of respondents report that their current processes fail to detect active threats
- 46% of respondents grapple with alert fatigue
- 45% report consistent false positives
- Organizations receive an average of 4,080 monthly alerts about potential cloud-based incidents, yet experience only 7 true security events per year
- 63% of organizations deploy more than five cloud runtime security tools
- Only 13% of organizations successfully correlate alerts between tools
- It takes an average of 7.7 days, up to 30 days, to correlate alerts across tools and organizational silos
- 92% of respondents believe that unified cloud runtime security solutions would enhance incident response efficiency and contextualize alerts to further improve response times
"The survey results underscore a consensus among cybersecurity
professionals on the value of adopting cloud-native security models and
purpose-built tools designed for cloud environments to create a more cohesive
security operation that meets the demands of today's cloud-native
environments," said Ben Hirschberg, CTO and Cofounder at ARMO. "As
organizations adapt to address the unique challenges of cloud-native security,
focusing on enhanced visibility and automated threat detection and response is
essential for strengthening their overall security posture."
The survey also reveals a counterintuitive organizational
challenge: dedicated cloud security teams often impede rather than improve
security response. A striking 38% of SecOps professionals identify the Cloud
Security team as their most difficult collaboration partner during incidents,
followed by the Platform team (31%). This finding suggests that while
establishing separate cloud security teams (a practice adopted by 63% of
companies) may have been a reasonable approach when cloud technology was emerging,
it now creates problematic silos as cloud has become mainstream. These
artificial boundaries fragment visibility, complicate communication, and
increase MTTD and MTTR.
The full "The State of Cloud Runtime Security" survey
report can be found here.