• Latest
  • Trending
Why Companies Fail to Fix Cloud Misconfigurations

Why Companies Fail to Fix Cloud Misconfigurations

December 9, 2021
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 28 January, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Why Companies Fail to Fix Cloud Misconfigurations

by ITECHNEWS
December 9, 2021
in Opinion
0 0
0
Why Companies Fail to Fix Cloud Misconfigurations

Data breaches due to cloud misconfigurations are increasingly making news headlines. And with the accelerating pace of cloud innovation, developer mishaps are bound to happen.

While there is no easy solution to this problem, understanding why companies failed to fix misconfigurations that led to breaches can help your security team plan their management of cloud risk better.

YOU MAY ALSO LIKE

Making Biometrics Work: 3 Ways To Jumpstart the Process

How to prevent cyberbullying: Keeping students safe

In a joint research survey by VMware and Cloud Security Alliance, 17% of companies reported a cloud security breach due to a misconfiguration in the past year. The research highlights lack of cloud security knowledge, team alignment, risk visibility and speed as the four primary challenges that stand in the way of teams trying to operationalize cloud security.

1) Cloud Knowledge Gap

When asked why the misconfiguration that led to the breach could not be resolved, 59% reported limited cloud knowledge as the second most critical challenge to cloud security.

In most companies, the burden of training the whole organization on security best practices falls on central IT teams. But with over half a million cybersecurity jobs unfulfilled in the country, finding experienced staff knowledgeable in cloud security is not easy.

Today, most organizations are in a tricky spot, where sometimes a single security architect is seen enabling hundreds of developers and other IT personnel in the company. The scarcity of cloud security experts can cascade security concerns across the company.

As a cybersecurity leader in charge of the cloud strategy, one way to help your teams learn and scale is to let them invest in specialized cloud posture management solutions that automate security and compliance benchmarks across the company’s cloud footprint.

2) Unaligned Teams

Improving cloud security governance across a company requires the participation of disparate teams, each with slightly varying security or compliance objectives. The primary goal for each one of these teams, whether in IT security or operations, is to help developers follow cloud best practices.

Almost half (49%) of survey respondents indicated that their Information Security, IT Operations, and DevOps teams are not aligned on cloud security policies. Even worse, in 70% of companies, these teams lack basic alignment on policy enforcement strategies.

Failure to align on a unified governance strategy is a security or compliance risk and overwhelming for developers trying to balance release velocity with various governance priorities.

To help different teams align, you should consider building a centralized Cloud Center of Excellence or a cross-functional team that supports and governs the execution of your cloud strategy within your company.  A common forum to strategize and debate can help your teams build trust and agree on security standards and how they should be implemented.

3) Poor Risk Visibility

The most critical challenge: 63% of respondents reported that lack of visibility into misconfiguration vulnerabilities is the primary reason their company could not prevent the cloud security breach. This is especially interesting because 91% of respondents also reported that their companies are currently using a solution to detect and remediate misconfiguration risks.

Then why is identifying misconfigurations so challenging? With cloud providers owning some aspects of cloud security, your security teams are often confused about their own share of security responsibilities as cloud customers.

But within their share, teams need both breadth and depth of risk visibility. This means having the ability to monitor every single cloud provider, account, and service with appropriate security policies. It requires having deep insight into various cloud resources, configuration dependencies, and the numerous paths a hacker can traverse to access data or take control of your cloud environment.

Such comprehensive security support, context and intelligence are usually found lacking in established solutions in the industry. So even if your team has a solution to monitor the cloud, ask again, do they have good risk visibility?

4) Slow Security Processes

It’s well established that criminals can quickly identify and start probing your internet-facing cloud assets within minutes. So, the speed at which your team can identify and fix a misconfiguration is critical in determining its success in avoiding a cloud security breach.

Unfortunately, the survey found that cloud security processes at most companies are lagging. Close to half (44%) of respondents reported that it takes them more than a day to detect a misconfiguration mistake, and even worse, 63% say it takes longer than a day to remediate that risk.

This shows that shifting security left isn’t easy. Building guardrails and enabling developers to fix misconfigurations before code moves to production should be a key priority for your team. But no shift-left security implementation is bulletproof, and nor is it feasible for your developers to proactively catch all mistakes. Complementing your DevSecOps approach with an over-the-top real-time security monitoring solution is essential for effectively managing cloud risk.

Nikhil Girdhar Head of Product Marketing, VMware

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version