A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure.
Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with getting the basics of security right.”
The surging adoption of cloud container systems such as Docker and Kubernetes is leading to many of these issues. The report states that more than 40,000 container systems operate under default, insecure configurations. 65% of all cloud-related incidents between February 2018 and June 2019 were the result of misconfigurations by customers. The advice from Palo Alto is clear. “Security teams need to embrace containers as they are key to enabling DevSecOps. However, teams also need to ensure that the applications and hosts are securely configured and monitored.”
Staying current with cloud security best practices can help organizations avoid unknowingly leaving themselves open to vulnerabilities. This is one of the main reasons (ISC)² recently refreshed the content for and updated the domains within its CCSP cloud security certification. Proactively realigning the exam enables (ISC)² to affirm candidates’ deep knowledge of cloud security architecture, design, operations and service orchestration. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing cloud security professional.
A recent (ISC)² webinar brought together several of the speakers who’ll be presenting at the upcoming (ISC)² Security Congress 2019 in the Cloud Security track to preview their sessions, get an idea of what will be covered and discuss the state of cloud security today. Watch the “2019 Security Congress Preview – Cloud Security” Security Briefings webinar on demand today.
As a reminder, Early Bird registration is available through August 15 for the conference, which takes place in Orlando, FL from October 28 – 30. By popular demand, one of the 18 tracks available at the conference will focus on Cloud Security and the challenges practitioners face when dealing with all things cloud related. In addition to this track, there will also be pre-conference training available, which includes a CCSP Cloud Security Crash Course, and the third annual CSA Summit,
For the latest findings on the state of cloud security, you can also check out Cybersecurity Insiders’ “2019 Cloud Security Report,” sponsored by (ISC)².