Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
Leaders of the (Threat) Pack: Misconfigurations, IAM and Insecure APIs
September 23, 2024
It's likely you've heard of the Rat Pack. Decades later, along came the Brat Pack. And today, there's the Threat Pack. While they might not be making headlines on stage or on screen, this dubious group of leaders is making headlines in other ways, most recently as part of the Cloud Security Alliance's Top Threats to Cloud Computing 2024. This bi-annual survey, which polls enterprises and individuals on what they see as the greatest threat or risk to their cloud environment, encapsulates the most critical security issues that enterprises are currently facing in the cloud space.
This year's top threats included some familiar faces and a few new ones. And, while there have been a few shake ups, what's most interesting is that not too much has changed since we last asked the question in 2022. For the most part, many of the same threats made the list. What has changed is the order in which they appear. For example, Misconfiguration and Inadequate Change ControI moved up from third place in 2022 to the top spot this year. Identity and Access Management (IAM), meanwhile, took top billing two years ago, but moved down to second place this year, bumping Insecure Interfaces and APIs down to #3.
The fact that there has been movement is great, as it indicates progress in the industry while simultaneously demonstrating a growing trust in the cloud. Digging a little deeper, the fact that these issues have remained at or near the top of the list speaks strongly to the importance cloud practitioners place on addressing these risks when it comes to securing their cloud environments.
Given that, the top three threats should come as no surprise to anyone in the cloud space. As we are all too well aware, the issues that are the most challenging to address are those that stem from factors out of our control. Point in case are the updates vendors seem to push out on a frequent basis, each of which has a significant impact on how a cloud environment's backend works. Solving for this has been a long-running discussion, and one that's becoming even more complex as we move into the realm of artificial intelligence. Whereas previously the challenge centered on how to properly manage users, that same challenge still exists but with an added layer of how to best secure non-human identities.
The good news is that while challenges are mounting in one area, there is one sector where we seem to be improving — data exfiltration. This is a hugely important topic, but one that fell off the list of top threats this year. And while it's entirely possible that companies just aren't seeing a lot of attacks on their data, I think it's more likely that a stronger regulatory environment has been a key factor in pushing this down the list. The financial services and healthcare sectors — both of which are among the biggest users of cloud — have begun taking a much stronger stance when it comes to hardening data controls. The results are telling: Thanks to these enhanced regulations, companies are in a better position to prevent and mitigate these types of attacks.
Not to be discounted, the following threats rounded out our top 11 this year. Starting with #4, they are as follows (2022 ranking is shown where relevant):
4. Inadequate selection/Implementation of cloud security strategy (#4)
5. Insecure third-party resources (#6)
6. Insecure software development (#5)
7. Accidental cloud data disclosure (#8)
8. System vulnerabilities (#7)
9. Limited cloud visibility/Observability
10. Unauthenticated resource sharing
11. Advanced persistent threats (#10)
The survey also uncovered several themes that we think are likely to shape the future of cloud computing, specifically the increased sophistication of attacks, the ever-growing risk to the supply chain, the rise of Ransomware-as-a-Service, and finally, as mentioned above, an evolving regulatory landscape.
Whereas our list of top threats is by no means exhaustive, it does give a clear snapshot of the challenges companies are currently facing. Taking it a step further, it's our hope that it provides a framework companies can use to ensure their cloud initiatives align with larger strategic goals and that they are allocating their resources effectively to mitigate both financial and reputational risks.
Industry News
November 21, 2024
November 21, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.
November 21, 2024
Securiti announced a new solution - Security for AI Copilots in SaaS apps.
November 20, 2024
Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
November 20, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
November 20, 2024
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
November 20, 2024
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
November 19, 2024
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
November 19, 2024
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
November 19, 2024
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
November 19, 2024
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
November 19, 2024
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
November 19, 2024
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
November 19, 2024
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
November 18, 2024
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.
