Evolving web applications raise security concerns, push budgets

Complex web applications have raised security concerns with only two percent of organizations confident with their current cybersecurity strategies and over three quarters pushing their security budgets in the last year, according to a study by critical infrastructure cybersecurity provider OPSWAT.

The study surveyed over 400 executive leaders, managers, and senior contributors from 69 countries to understand the state of web applications and cloud infrastructure. 

“The use of applications utilizing services has also increased with these infrastructure upgrades, elevating concerns around file-based malware,” the report said.

Organizations have embraced public cloud hosting for their web applications, with almost all of them either already employing or planning to implement containerization.

Infrastructure for web applications is evolving

At least 75% of organizations have upgraded their infrastructure in the past year. One of the significant observations of the study was that “hosting for applications that accept file uploads is shifting toward the cloud.”

Ninety-seven percent of the respondents said their organizations use or plan to use containers with another 94% saying their web applications currently connect to other storage services too.

In public cloud hosting, Microsoft Azure was being used by 65% of the respondents, closely followed by AWS at 64%, and a modest suit by google cloud platform (GCP) at 33%.

Among the organizations using containers, Azure and AWS Kubernetes were the most popular choices (both at 55%), followed by docker (47%), RedHat OpenShift (26%), and VMWare Tanzu (23%).

Unsecured file upload is a big concern

The rise of containers has inevitably led to the rise in applications using storage services, with 94% of respondents reporting their web applications connect file uploads to other services.

Seventy-five percent of the organizations use part of these other storage services like cloud storage, with another 54% using enterprise on-premises storage, and 37% storage made through managed file transfers.

“File-based malware can slip past other defenses, it’s critical to catch and stop these attacks before they enter your networks and cause harm,” said the study report.

Data breaches were found to be the number one (73%) concern from unsecured file upload, with reputational damage (67%), loss in business or revenue (58%), and denial of service/infrastructure (54%) following close behind. “Seventy-eight percent of respondents are concerned about malware attacks from file uploads”, the report added.