Charaka Gunathilake, chief technology officer at Panaseer, echoes Reed's sentiments. He also believes that cloud security is about visibility, and agrees that the growing use of multiple cloud platforms and services creates a host of challenges, the biggest of which is visibility.
“Security teams are struggling to identify assets, manage coverage gaps, and prevent unauthorized access to the cloud. As it has become so easy to deploy large infrastructure, many organizations are increasing their attack surface at an unprecedented rate through automation. This is compounded by the lack of uniformity: most are using unique combinations of clouds, hybrid clouds, multi-clouds, and on-premises data centers that are constantly evolving,” Gunathilake said.
To overcome visibility issues, many organizations mine data via APIs and build inventories for each of the three most commonly used cloud infrastructure tiers: IaaS, PaaS, and SaaS.
However, Gunathilake points out that manual china whatsapp data are not only error-prone, but also require significant resources and time. “This also means,” he added, “that things can get overlooked. This was demonstrated by a McAfee report that claimed that 99% of cloud incidents go undetected. The fact that almost all cloud incidents go undetected indicates a critical lack of visibility into cloud security and responsibilities. The best way to fix this is to invest in systems that automatically provide visibility into all computing environments.”
Training and awareness
As organizations move increasingly to the cloud, “the potential attack surface increases where cloud products were not built with security in mind,” said Amanda Grant, chief product officer at Advanced.
But she believes that not all clouds are created equal. Some, she says, are more secure. The best cloud providers build software with security in mind. “That means the onus is less on customers and more on software vendors,” Grant said.