Security News > 2022 > December > It’s time to fill those cloud security gaps
According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability.
It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that these have been adapted ad-hoc from an established computing model not built with cloud security in mind.
"By modelling the cloud environment and risk factors on a graph, Wiz delivers context and an easily explorable view of the cloud for users. Beyond visualizations and queries, the Security Graph enables Wiz to interrogate the underlying cloud environment," he adds.
Simply addressing the problem of the security team isn't enough to make cloud security work.
In the software sphere, vulnerabilities are made public and tracked using CVEs, a system that has proved less suited to the cloud security context, Wiz argues.
Wiz's answer is The Open Cloud Vulnerability and Security Issue Database, an open initiative announced in 2022 that has set itself the task of becoming a public repository for cloud flaws and service provider issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/22/its_time_to_fill_those/
Related news
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)