Security News > 2020 > May > DevOps needs to morph into DevSecOps to close security threats in the cloud

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services.

Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.

Here is a review of the problems with over-privileged accounts and advice on how implementing a DevSecOps approach to software development can close up security holes in cloud deployments.

Exposed web servers and other types of server workloads 35%.Object store-resident data not appropriately secured via access control lists 34%.The lack of multi-factor authentication 33%.Disabled logging for capturing an audit trail of cloud activity 31%. The most commonly cited misconfigured cloud service, over-privileged accounts, is directly related to unprotected cloud secrets, another significant cloud threat identified by the report.

To reduce the security threats in cloud deployments, security must become a business requirement and a shared responsibility instead of an afterthought, according to the report.

News URL

https://www.techrepublic.com/article/devops-needs-to-morph-into-devsecops-to-close-security-threats-in-the-cloud/#ftag=RSS56d97e7