FEATURE : CYBERSECURITY

Amit Tailor , Director , Systems

Engineering , Palo Alto Networks , says that cloud security will only be achieved by taking systematic steps to strengthen cloud cybersecurity posture .

The reason for the persistence of these security errors is doing the security remediation work is time consuming and problematic .

From what security teams have shared with us , over half ( 60 %) of organizations take more than four days to fix security issues .

Given how a threat actor can exploit newly disclosed vulnerabilities in a matter of hours , the fact that it can take days to remediate an alert is a cause for serious concern .

As organizations evolve from their early steps into cloud via the lift and shifting of on-premises applications to adopting properly cloud-native applications , there is an opportunity for revisiting cloud cybersecurity . However , this will only happen with organizations taking systematic steps to strengthen their cloud cybersecurity posture , on top of dealing with persistent cyber hygiene issues that have bedevilled cloud cybersecurity for years .

Unit 42 ’ s seventh study into the cloud cybersecurity of thousands of organizations worldwide revealed unpatched vulnerabilities continue to plague cloud computing . The study found nearly two-thirds ( 63 %) of the codebases in production have unpatched vulnerabilities rated high or critical and 11 % of the hosts exposed in public clouds also have high or critical vulnerabilities .

The same set of risky behaviors is repeated even among experienced teams , which include unrestricted firewall policies , exposed databases and unenforced Multi-Factor Authentication ( MFA ).

A prime difference in cloud-native computing is how it adds incredible dynamism to cloud workloads . The most recent data we have on this is striking . In our State of Cloud-Native Security report , two-thirds of all organizations surveyed say that deployment frequency has increased or significantly increased over the past year . Also , 38 % of enterprises deploy code to production or release to end-users every day , with 17 % deploying multiple times a day .

To ensure these updates and deployments are secure , security needs to be embedded in a fast-moving development environment . Most developers are aware of their greater security responsibilities , but clearly , their prime job is to deliver new code that answers commercial needs and must be deployed rapidly . These dual demands are exposing a new tension in cloud cybersecurity where security and developer teams are rightly turning to tools for security assurance

40 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com