Progress announced the speaker lineup for the MarkLogic World Tour US, taking place September 23-25, 2024, at the Bethesda Marriott in Maryland.
Leaders of the (Threat) Pack: Misconfigurations, IAM and Insecure APIs
September 23, 2024
It's likely you've heard of the Rat Pack. Decades later, along came the Brat Pack. And today, there's the Threat Pack. While they might not be making headlines on stage or on screen, this dubious group of leaders is making headlines in other ways, most recently as part of the Cloud Security Alliance's Top Threats to Cloud Computing 2024. This bi-annual survey, which polls enterprises and individuals on what they see as the greatest threat or risk to their cloud environment, encapsulates the most critical security issues that enterprises are currently facing in the cloud space.
This year's top threats included some familiar faces and a few new ones. And, while there have been a few shake ups, what's most interesting is that not too much has changed since we last asked the question in 2022. For the most part, many of the same threats made the list. What has changed is the order in which they appear. For example, Misconfiguration and Inadequate Change ControI moved up from third place in 2022 to the top spot this year. Identity and Access Management (IAM), meanwhile, took top billing two years ago, but moved down to second place this year, bumping Insecure Interfaces and APIs down to #3.
The fact that there has been movement is great, as it indicates progress in the industry while simultaneously demonstrating a growing trust in the cloud. Digging a little deeper, the fact that these issues have remained at or near the top of the list speaks strongly to the importance cloud practitioners place on addressing these risks when it comes to securing their cloud environments.
Given that, the top three threats should come as no surprise to anyone in the cloud space. As we are all too well aware, the issues that are the most challenging to address are those that stem from factors out of our control. Point in case are the updates vendors seem to push out on a frequent basis, each of which has a significant impact on how a cloud environment's backend works. Solving for this has been a long-running discussion, and one that's becoming even more complex as we move into the realm of artificial intelligence. Whereas previously the challenge centered on how to properly manage users, that same challenge still exists but with an added layer of how to best secure non-human identities.
The good news is that while challenges are mounting in one area, there is one sector where we seem to be improving — data exfiltration. This is a hugely important topic, but one that fell off the list of top threats this year. And while it's entirely possible that companies just aren't seeing a lot of attacks on their data, I think it's more likely that a stronger regulatory environment has been a key factor in pushing this down the list. The financial services and healthcare sectors — both of which are among the biggest users of cloud — have begun taking a much stronger stance when it comes to hardening data controls. The results are telling: Thanks to these enhanced regulations, companies are in a better position to prevent and mitigate these types of attacks.
Not to be discounted, the following threats rounded out our top 11 this year. Starting with #4, they are as follows (2022 ranking is shown where relevant):
4. Inadequate selection/Implementation of cloud security strategy (#4)
5. Insecure third-party resources (#6)
6. Insecure software development (#5)
7. Accidental cloud data disclosure (#8)
8. System vulnerabilities (#7)
9. Limited cloud visibility/Observability
10. Unauthenticated resource sharing
11. Advanced persistent threats (#10)
The survey also uncovered several themes that we think are likely to shape the future of cloud computing, specifically the increased sophistication of attacks, the ever-growing risk to the supply chain, the rise of Ransomware-as-a-Service, and finally, as mentioned above, an evolving regulatory landscape.
Whereas our list of top threats is by no means exhaustive, it does give a clear snapshot of the challenges companies are currently facing. Taking it a step further, it's our hope that it provides a framework companies can use to ensure their cloud initiatives align with larger strategic goals and that they are allocating their resources effectively to mitigate both financial and reputational risks.
Industry News
September 19, 2024
September 19, 2024
Citrix announced the general availability of Citrix VDA for macOS, expanding their desktop virtualization solutions, and MacStadium support this launch with its industry-leading IaaS offering, optimized for Citrix VDA for macOS deployments in the cloud.
September 19, 2024
Elastic announced the Elasticsearch Open Inference API now supports Hugging Face models with native chunking through the integration of the semantic_text field.
September 19, 2024
Codecov by Sentry, a dedicated code coverage reporting solution, announced Bundle Analysis and Test Analytics, two new solutions designed to accelerate workflows and arm developers with actionable insights to create a seamless development experience.
September 19, 2024
NightVision released API eNVy, an Application Programming Interface (API) solution that enables organizations to discover and document APIs in seconds.
September 19, 2024
Kong announced the global expansion of its Kong Konnect Dedicated Cloud Gateways.
September 18, 2024
MacStadium announced the General Availability of Orka Desktop 3.0, a powerful, user-friendly tool that allows developers, testers, and macOS admins to create, test, and manage macOS virtual machines (VMs) on local Apple silicon-based computers.
September 18, 2024
Komodor announced Klaudia, a Generative AI (GenAI) agent for troubleshooting and remediating operational issues, as well as optimizing Kubernetes environments.
September 18, 2024
Inflectra announced the launch of Rapise v8, a test automation solution that uses the power of Generative AI to deliver true autonomous testing.
September 17, 2024
Check Point® Software Technologies Ltd. has been recognized as one of theWorld’s Best Companies of 2024 by TIME and Statista.
Check Point made its debut on the list due to its strong employee satisfaction, revenue growth, and ESG efforts.
September 17, 2024
Oracle announced the availability of Java 23, the latest version of the programming language and development platform.
September 17, 2024
JFrog announced a new product integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
September 17, 2024
Tigera announced several new features for Calico Cloud and Calico Enterprise to improve the efficiency of remediating vulnerabilities in container images, and ensure compatibility with the latest deployment options for OpenShift.
September 17, 2024
Gearset announced the acquisition of Clayton, a code analysis platform designed specifically for Salesforce.
September 16, 2024
Docker is introducing a new way for developers and organizations to access its suite of products – including Docker Desktop, Docker Hub, Docker Trusted Content, Docker Scout, Docker Build Cloud, and Testcontainers Cloud.
