Security News > 2022 > December > It’s time to fill those cloud security gaps
According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability.
It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that these have been adapted ad-hoc from an established computing model not built with cloud security in mind.
"By modelling the cloud environment and risk factors on a graph, Wiz delivers context and an easily explorable view of the cloud for users. Beyond visualizations and queries, the Security Graph enables Wiz to interrogate the underlying cloud environment," he adds.
Simply addressing the problem of the security team isn't enough to make cloud security work.
In the software sphere, vulnerabilities are made public and tracked using CVEs, a system that has proved less suited to the cloud security context, Wiz argues.
Wiz's answer is The Open Cloud Vulnerability and Security Issue Database, an open initiative announced in 2022 that has set itself the task of becoming a public repository for cloud flaws and service provider issues.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/22/its_time_to_fill_those/
Related news
- Harnessing the Power of CTEM for Cloud Security (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Exposing the top cloud security threats (source)
- The first steps of establishing your cloud security strategy (source)
- eBook: Cloud security skills (source)
- Building a strong cloud security posture (source)
- The Fundamentals of Cloud Security Stress Testing (source)
- Breakthrough in Quantum Cloud Computing Ensures its Security and Privacy (source)
- Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity (source)