How the COVID-19 pandemic has changed IT & security

While the COVID-19 pandemic has disrupted business models around the world, the adoption of modern application and cloud technologies continues to grow. This year’s Continuous Intelligence Report by Sumo Logic provides an inside look into the state of the modern application technology stack, including changing trends in cloud and application adoption and usage by customers, and the impact of COVID-19 as an accelerant for digital transformation efforts.

“This year was unlike any other that we have witnessed with a significant shift in organizations’ technology priorities, in part as a result of the COVID-19 pandemic,” said Bruno Kurtic, founding VP of strategy and solutions at Sumo Logic. “This continued acceleration to digital further fueled key trends including multi-cloud adoption, an expanding threat landscape, and the need for improved collaboration across DevSecOps, as companies quickly made changes to adapt to new business demands. The need for continuous intelligence is even more critical as digital businesses require real-time analytics to deliver high performance, highly scalable, always-on digital services to speed decision making and drive the best customer experiences.”

As businesses faced upheaval, many have turned to new platforms to support new and changing ways of doing business. Multi-cloud adoption grew by 70% year over year, outpacing the previous 12 months that saw 50% growth. Enterprises are increasingly turning to modern cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), to deliver high quality and secure applications to their customers.

With the shift to the modern app stack and multi-cloud, the importance of architecture grows.

The typical AWS customer with at least two AWS accounts runs 26 different services (up from 15 last year) across at least two AWS regions. And, more and more enterprises running multi-cloud are using Kubernetes for container orchestration. Another winning technology is AWS Lambda, now adopted by 39% of Sumo Logic’s AWS customers

This data comes directly from Sumo Logic’s Continuous Intelligence Report. Now in its fifth year, the report provides data-driven insights, best practices and trends by analyzing technology adoption among more than 2,100 Sumo Logic customers who run massive mission-critical modern applications on cloud platforms like AWS, Azure, and Google Cloud Platform as well as hybrid cloud infrastructure.

Attackers are busier than before the pandemic

Concurrent with the accelerated adoption of Cloud services, there has been a shift in security threats targeting Cloud infrastructure. The work from home and business continuity requirements during the pandemic correlates with a growth in certain types of malicious attacks - discovery, privilege escalation and execution. Sumo Logic analyzes 40 risk signals from over 11,000 AWS accounts spanning key AWS services including Amazon EC2, S3, Identity Access Management, Relational Database Service, Lambda, and Redshift.

The risk signals are matched with security incidents curated from AWS penetration tests and operational best practices. Looking at the types of attacks over the past year, we can see trends on a global scale.

The Global Intelligence for AWS CloudTrail App monitors Sumo Logic customers to detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against Sumo Logic’s cohort of AWS customers.

Along with the type of attacks, the source and destination of attacks has also shifted globally. AWS regional centers in the U.S., European Union, Japan and China are the top targets for attackers in the AWS global network. Over 60% of attacks detected by GuardDuty target AWS availability zones in the US, EU, Japan and China. Attacks originating from Russia grew during the pandemic while those originating from sources located in China and Iran declined

The map above aggregates anonymous data from Sumo Logic’s Global Intelligence for Amazon GuardDuty App. The analyzes more than 55 threats from several hundred Amazon GuardDuty customers. The origin and target of Amazon GuardDuty’s findings offers a perspective on the origin of attackers.

The only constant is change

The only constant is change, and companies need a strategy to address the growing complexity of Cloud services and shifting security landscape. Sumo Logic’s customers use this data to compare their own environments with this dataset by enabling the Global Intelligence App for Amazon GuardDuty and Cloud Trail. These apps are just one example of the value of continuous intelligence with real-time analytics and insights from a single, cloud-native platform.

The Continuous Intelligence Report provides more insights and recommendations based on our global data from the past year. Global intelligence is only possible with a Continuous Intelligence Platform capable of monitoring thousands of customers on any Cloud or on premise.