• Latest
  • Trending
4 Reasons Why Companies Fail to Fix Cloud Misconfigurations

4 Reasons Why Companies Fail to Fix Cloud Misconfigurations

January 3, 2022
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 23 May, 2025
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

4 Reasons Why Companies Fail to Fix Cloud Misconfigurations

by ITECHNEWS
January 3, 2022
in Leading Stories, Opinion
0 0
0
4 Reasons Why Companies Fail to Fix Cloud Misconfigurations

Data breaches due to cloud misconfigurations are increasingly making news headlines. And with the accelerating pace of cloud innovation, developer mishaps are bound to happen.

While there is no easy solution to this problem, understanding why companies failed to fix misconfigurations that led to breaches can help your security team plan their management of cloud risk better.

YOU MAY ALSO LIKE

ATC Ghana supports Girls-In-ICT Program

Vice President Dr. Bawumia inaugurates ICT Hub

In a joint research survey by VMware and Cloud Security Alliance, 17% of companies reported a cloud security breach due to a misconfiguration in the past year. The research highlights lack of cloud security knowledge, team alignment, risk visibility and speed as the four primary challenges that stand in the way of teams trying to operationalize cloud security.

1) Cloud Knowledge Gap

When asked why the misconfiguration that led to the breach could not be resolved, 59% reported limited cloud knowledge as the second most critical challenge to cloud security.

In most companies, the burden of training the whole organization on security best practices falls on central IT teams. But with over half a million cybersecurity jobs unfulfilled in the country, finding experienced staff knowledgeable in cloud security is not easy.

Today, most organizations are in a tricky spot, where sometimes a single security architect is seen enabling hundreds of developers and other IT personnel in the company. The scarcity of cloud security experts can cascade security concerns across the company.

As a cybersecurity leader in charge of the cloud strategy, one way to help your teams learn and scale is to let them invest in specialized cloud posture management solutions that automate security and compliance benchmarks across the company’s cloud footprint.

2) Unaligned Teams

Improving cloud security governance across a company requires the participation of disparate teams, each with slightly varying security or compliance objectives. The primary goal for each one of these teams, whether in IT security or operations, is to help developers follow cloud best practices.

Almost half (49%) of survey respondents indicated that their Information Security, IT Operations, and DevOps teams are not aligned on cloud security policies. Even worse, in 70% of companies, these teams lack basic alignment on policy enforcement strategies.

Failure to align on a unified governance strategy is a security or compliance risk and overwhelming for developers trying to balance release velocity with various governance priorities.

To help different teams align, you should consider building a centralized Cloud Center of Excellence or a cross-functional team that supports and governs the execution of your cloud strategy within your company.  A common forum to strategize and debate can help your teams build trust and agree on security standards and how they should be implemented.

3) Poor Risk Visibility

The most critical challenge: 63% of respondents reported that lack of visibility into misconfiguration vulnerabilities is the primary reason their company could not prevent the cloud security breach. This is especially interesting because 91% of respondents also reported that their companies are currently using a solution to detect and remediate misconfiguration risks.

Then why is identifying misconfigurations so challenging? With cloud providers owning some aspects of cloud security, your security teams are often confused about their own share of security responsibilities as cloud customers.

But within their share, teams need both breadth and depth of risk visibility. This means having the ability to monitor every single cloud provider, account, and service with appropriate security policies. It requires having deep insight into various cloud resources, configuration dependencies, and the numerous paths a hacker can traverse to access data or take control of your cloud environment.

Such comprehensive security support, context and intelligence are usually found lacking in established solutions in the industry. So even if your team has a solution to monitor the cloud, ask again, do they have good risk visibility?

4) Slow Security Processes

It’s well established that criminals can quickly identify and start probing your internet-facing cloud assets within minutes. So, the speed at which your team can identify and fix a misconfiguration is critical in determining its success in avoiding a cloud security breach.

Unfortunately, the survey found that cloud security processes at most companies are lagging. Close to half (44%) of respondents reported that it takes them more than a day to detect a misconfiguration mistake, and even worse, 63% say it takes longer than a day to remediate that risk.

This shows that shifting security left isn’t easy. Building guardrails and enabling developers to fix misconfigurations before code moves to production should be a key priority for your team. But no shift-left security implementation is bulletproof, and nor is it feasible for your developers to proactively catch all mistakes. Complementing your DevSecOps approach with an over-the-top real-time security monitoring solution is essential for effectively managing cloud risk.

What next?

Misconfigurations due to human errors are a leading cause of cloud security breaches. Of course, enabling developers to use the cloud securely and reduce misconfiguration risk can be challenging. One of the fastest ways your team can improve cloud security is by learning from security mistakes others have made.

Source: Nikhil Girdhar Head of Product Marketing
Via: VMware
Tags: CLOUDcybersecurity
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version