 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Trouble here, trouble there, it’s trouble, trouble everywhere in cloud security in 2022. We all know that, but the Cloud Security Alliance (CSA) spells out exactly where the security thunderstorms are today.
At the RSA Conference this week, the CSA released its latest cloud security report: Top Threats to Cloud Computing: The Pandemic 11. In it, the CSA lists its top 11 problems.
Those numbers at the end? They’re where these problems were rated in CSA’s 2019 survey. Yes, there have been many changes.
In no small part, that’s because the CSA thinks this marked departure from more generic threats, risks, and vulnerabilities, such as data loss and denial of service, is because cloud and security administrators are more aware of the differences between commonplace security concerns and ones that are truly cloud-based.
Another aspect of it is, if you look closely, that most of these concerns are issues that are directly in the user’s control. These include identity and access management (IAM), cryptography, configuration management, and poor coding practices Users are realizing the burden of securing clouds is now falling on them as well as the cloud provider.
Of course, it doesn’t all fall on users. Number two, user interfaces and application programming interfaces (APIs) are the responsibilities of cloud providers and software providers. As John Yeoh, CSA Global VP of Research, pointed out, “Considering that user interfaces and APIs are the modern way to consume services, it’s concerning that there are still significant challenges when it comes to securing these features.”
After all, Yeoh continued, “The cloud, with its complexity, is the perfect place for attackers to hide and an ideal launchpad for attacks. Add to that the fact that insider threats make it more challenging to protect organizations from data loss and it becomes clear that more industry attention and research is required.”
You think?
In addition, insecure software development and third-party software resources, underline that cloud CxOs are painfully aware of the security holes that come with code that doesn’t have software supply chain security.
The laundry list of cloud misconfiguration problems is also concerning. They include:
It just goes on and on. There’s no surprise that the CSA and other cloud security organizations such as Fugue have found that cloud resource misconfiguration is a leading cause of data breaches.
What it all boils down to is as Jon-Michael C. Brook, co-chair of the Top Threats Working Group, and one of the paper’s lead authors, pointed out, “Collectively, these security issues are a call to action for developing and enhancing cloud security awareness, configuration, and identity management. As cloud business models and security tactics evolve, there is an even greater need to address security issues that are situated higher up the technology stack and are the result of senior management decisions.”
In other words, security needs to become job number one for the C-suite officers. They must hire more people to properly secure their clouds. Even with automated tools, there are not enough resources being brought to bear on securing clouds.
