Security News > 2020 > May > DevOps needs to morph into DevSecOps to close security threats in the cloud

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services.
Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.
Here is a review of the problems with over-privileged accounts and advice on how implementing a DevSecOps approach to software development can close up security holes in cloud deployments.
Exposed web servers and other types of server workloads 35%.Object store-resident data not appropriately secured via access control lists 34%.The lack of multi-factor authentication 33%.Disabled logging for capturing an audit trail of cloud activity 31%. The most commonly cited misconfigured cloud service, over-privileged accounts, is directly related to unprotected cloud secrets, another significant cloud threat identified by the report.
To reduce the security threats in cloud deployments, security must become a business requirement and a shared responsibility instead of an afterthought, according to the report.
News URL
Related news
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security (source)
- Cloud providers aren’t delivering on security promises (source)
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- What native cloud security tools won’t catch (source)
- Observability is security’s way back into the cloud conversation (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)