Security News > 2022 > December > It’s time to fill those cloud security gaps
According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability.
It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that these have been adapted ad-hoc from an established computing model not built with cloud security in mind.
"By modelling the cloud environment and risk factors on a graph, Wiz delivers context and an easily explorable view of the cloud for users. Beyond visualizations and queries, the Security Graph enables Wiz to interrogate the underlying cloud environment," he adds.
Simply addressing the problem of the security team isn't enough to make cloud security work.
In the software sphere, vulnerabilities are made public and tracked using CVEs, a system that has proved less suited to the cloud security context, Wiz argues.
Wiz's answer is The Open Cloud Vulnerability and Security Issue Database, an open initiative announced in 2022 that has set itself the task of becoming a public repository for cloud flaws and service provider issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/22/its_time_to_fill_those/
Related news
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- AWS unveils cloud security IR service for a mere $7K a month (source)
- Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security? (source)
- Best CSPM Tools 2025: Top Cloud Security Solutions Compared (source)
- CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value? (source)
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)