Security News > 2022 > December > It’s time to fill those cloud security gaps
According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability.
It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that these have been adapted ad-hoc from an established computing model not built with cloud security in mind.
"By modelling the cloud environment and risk factors on a graph, Wiz delivers context and an easily explorable view of the cloud for users. Beyond visualizations and queries, the Security Graph enables Wiz to interrogate the underlying cloud environment," he adds.
Simply addressing the problem of the security team isn't enough to make cloud security work.
In the software sphere, vulnerabilities are made public and tracked using CVEs, a system that has proved less suited to the cloud security context, Wiz argues.
Wiz's answer is The Open Cloud Vulnerability and Security Issue Database, an open initiative announced in 2022 that has set itself the task of becoming a public repository for cloud flaws and service provider issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/22/its_time_to_fill_those/
Related news
- Balancing cloud security with performance and availability (source)
- Avoiding vendor lock-in when using managed cloud security services (source)
- Why multi-cloud security needs a fresh approach to stay resilient (source)
- Cloud security gains overshadowed by soaring storage fees (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- What native cloud security tools won’t catch (source)
- How CISOs can balance security and business agility in the cloud (source)