Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
Concerns Rise as Organizations Struggle to Operationalize Cloud Security
July 10, 2023
Companies are increasingly embracing the power and agility of cloud-based solutions, with more than 20% of their workloads running in the cloud today, with plans to grow more than 50% in the next 18 months. With this accelerated cloud adoption comes inherent challenges and apprehension, as Check Point's 2023 Cloud Security Report reveals. As a result, 76% of organizations are apprehensive about cloud security, and cloud-based attacks are increasing at an alarming rate.
The greatest security attack threat is cloud misconfigurations, with a quarter of the respondents stating that they have already succumbed to a public cloud security incident due to a misconfiguration. In addition, the survey found that cloud misconfiguration was seen as the primary risk by 60% of the participants.
The 2023 Cloud Security Report results also show that organizations are still dealing with fundamental cloud security challenges. For instance, 58% of organizations need help to deploy and manage a complete solution across all cloud environments, 52% struggle to ensure data protection and privacy, and 49% struggle to understand how different security solutions fit together. A real cause for concern is that an overwhelming 43% of organizations need to access three to four separate security solutions to configure the policies that secure their enterprise's cloud footprint.
One potential solution to these challenges is the consolidation of security policies, operations, and responsibilities into a single platform. With only 20% of respondents having a comprehensive DevSecOps process in place, it is clear that more organizations should implement a developer-centric approach that enforces security policies throughout the software development lifecycle. This prevents developers from creating friction in the development process while securing the system effectively.
A developer-centric approach is a paradigm shift from the traditional top-down approach that separates developers from security operations. This approach requires developers to have the necessary context to identify, prioritize, and remediate security risks within the software supply chain. To make this a reality, better-integrating features such as code scanning, effective risk management, and CIEM are essential building blocks for mitigating risk and employing zero trust across the board.
Moving forward, we expect to see the expansion of comprehensive DevSecOps processes in organizations, with developers taking active roles in decisions about what technologies are used to implement security control requirements and standards. More than 40% of DevOps engineers are already being held accountable for technical changes to systems that are required to remediate security and compliance, according to the report.
By embracing a CNAPP platform approach and devoting resources to automation, scaling, and risk management, organizations can achieve the full life cycle protection requirements of cloud-native applications from development to production.
Industry News
November 20, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
November 20, 2024
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
November 20, 2024
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
November 19, 2024
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
November 19, 2024
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
November 19, 2024
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
November 19, 2024
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
November 19, 2024
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
November 19, 2024
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
November 19, 2024
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
November 18, 2024
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.
November 18, 2024
Elastic announced its AI ecosystem to help enterprise developers accelerate building and deploying their Retrieval Augmented Generation (RAG) applications.
November 18, 2024
Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the technology preview of Red Hat OpenShift Lightspeed.
November 18, 2024
Traefik Labs announced API Sandbox as a Service to streamline and accelerate mock API development, and Traefik Proxy v3.2.
