Security News > 2020 > May > DevOps needs to morph into DevSecOps to close security threats in the cloud
Everyone is having trouble keeping cloud deployments secure, according to a new report from Oracle and KPMG. The "Threat Report 2020: Addressing Security Configurations Amidst a State of Constant Change" found that 92% of IT professionals do not think their organization is well prepared to secure public cloud services.
Misconfigured cloud services are prevalent, problematic, and the top cloud security priority.
Here is a review of the problems with over-privileged accounts and advice on how implementing a DevSecOps approach to software development can close up security holes in cloud deployments.
Exposed web servers and other types of server workloads 35%.Object store-resident data not appropriately secured via access control lists 34%.The lack of multi-factor authentication 33%.Disabled logging for capturing an audit trail of cloud activity 31%. The most commonly cited misconfigured cloud service, over-privileged accounts, is directly related to unprotected cloud secrets, another significant cloud threat identified by the report.
To reduce the security threats in cloud deployments, security must become a business requirement and a shared responsibility instead of an afterthought, according to the report.
News URL
Related news
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal? (source)
- Addressing the intersection of cyber and physical security threats (source)
- Watch Out For These 8 Cloud Security Shifts in 2025 (source)
- Inconsistent security strategies fuel third-party threats (source)
- How CISOs can balance security and business agility in the cloud (source)
- Balancing cloud security with performance and availability (source)