Security News > 2020 > May > DevOps needs to morph into DevSecOps to close security threats in the cloud

Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services.
Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.
Here is a review of the problems with over-privileged accounts and advice on how implementing a DevSecOps approach to software development can close up security holes in cloud deployments.
Exposed web servers and other types of server workloads 35%.Object store-resident data not appropriately secured via access control lists 34%.The lack of multi-factor authentication 33%.Disabled logging for capturing an audit trail of cloud activity 31%. The most commonly cited misconfigured cloud service, over-privileged accounts, is directly related to unprotected cloud secrets, another significant cloud threat identified by the report.
To reduce the security threats in cloud deployments, security must become a business requirement and a shared responsibility instead of an afterthought, according to the report.
News URL
Related news
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- What native cloud security tools won’t catch (source)
- Observability is security’s way back into the cloud conversation (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Skyhawk Security brings preemptive cloud app defense to RSAC 2025 (source)
- Ransomware spike exposes cracks in cloud security (source)
- Closing security gaps in multi-cloud and SaaS environments (source)