Security News > 2020 > May > DevOps needs to morph into DevSecOps to close security threats in the cloud
Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services.
Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.
Here is a review of the problems with over-privileged accounts and advice on how implementing a DevSecOps approach to software development can close up security holes in cloud deployments.
Exposed web servers and other types of server workloads 35%.Object store-resident data not appropriately secured via access control lists 34%.The lack of multi-factor authentication 33%.Disabled logging for capturing an audit trail of cloud activity 31%. The most commonly cited misconfigured cloud service, over-privileged accounts, is directly related to unprotected cloud secrets, another significant cloud threat identified by the report.
To reduce the security threats in cloud deployments, security must become a business requirement and a shared responsibility instead of an afterthought, according to the report.
News URL
Related news
- Cloud threats have execs the most freaked out because they're not prepared (source)
- Obsidian Security Warns of Rising SaaS Threats to Enterprises (source)
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Evolving cloud threats: Insights and recommendations (source)
- Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof? (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)