MacStadium(link is external) announced the extended availability of Orka(link is external) Cluster 3.2, establishing the market’s first enterprise-grade macOS virtualization solution available across multiple deployment options.
Concerns Rise as Organizations Struggle to Operationalize Cloud Security
July 10, 2023
Companies are increasingly embracing the power and agility of cloud-based solutions, with more than 20% of their workloads running in the cloud today, with plans to grow more than 50% in the next 18 months. With this accelerated cloud adoption comes inherent challenges and apprehension, as Check Point's 2023 Cloud Security Report(link is external) reveals. As a result, 76% of organizations are apprehensive about cloud security, and cloud-based attacks are increasing at an alarming rate.
The greatest security attack threat is cloud misconfigurations, with a quarter of the respondents stating that they have already succumbed to a public cloud security incident due to a misconfiguration. In addition, the survey found that cloud misconfiguration was seen as the primary risk by 60% of the participants.
The 2023 Cloud Security Report results also show that organizations are still dealing with fundamental cloud security challenges. For instance, 58% of organizations need help to deploy and manage a complete solution across all cloud environments, 52% struggle to ensure data protection and privacy, and 49% struggle to understand how different security solutions fit together. A real cause for concern is that an overwhelming 43% of organizations need to access three to four separate security solutions to configure the policies that secure their enterprise's cloud footprint.
One potential solution to these challenges is the consolidation of security policies, operations, and responsibilities into a single platform. With only 20% of respondents having a comprehensive DevSecOps process in place, it is clear that more organizations should implement a developer-centric approach that enforces security policies throughout the software development lifecycle. This prevents developers from creating friction in the development process while securing the system effectively.
A developer-centric approach is a paradigm shift from the traditional top-down approach that separates developers from security operations. This approach requires developers to have the necessary context to identify, prioritize, and remediate security risks within the software supply chain. To make this a reality, better-integrating features such as code scanning, effective risk management, and CIEM are essential building blocks for mitigating risk and employing zero trust across the board.
Moving forward, we expect to see the expansion of comprehensive DevSecOps processes in organizations, with developers taking active roles in decisions about what technologies are used to implement security control requirements and standards. More than 40% of DevOps engineers are already being held accountable for technical changes to systems that are required to remediate security and compliance, according to the report.
By embracing a CNAPP platform approach and devoting resources to automation, scaling, and risk management, organizations can achieve the full life cycle protection requirements of cloud-native applications from development to production.
Industry News
March 05, 2025
JFrog is partnering with Hugging Face, host of a repository of public machine learning (ML) models — the Hugging Face Hub — designed to achieve more robust security scans and analysis forevery ML model in their library.
March 05, 2025
Copado launched DevOps Automation Agent on Salesforce's AgentExchange, a global ecosystem marketplace powered by AppExchange for leading partners building new third-party agents and agent actions for Agentforce.
March 05, 2025
Harness completed its merger with Traceable, effective March 4, 2025.
March 04, 2025
JFrog released JFrog ML, an MLOps solution as part of the JFrog Platform designed to enable development teams, data scientists and ML engineers to quickly develop and deploy enterprise-ready AI applications at scale.
March 04, 2025
Progress announced the addition of Web Application Firewall (WAF) functionality to Progress® MOVEit® Cloud managed file transfer (MFT) solution.
March 04, 2025
Couchbase launched Couchbase Edge Server, an offline-first, lightweight database server and sync solution designed to provide low latency data access, consolidation, storage and processing for applications in resource-constrained edge environments.
March 04, 2025
Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI.
March 03, 2025
Aviatrix® announced the launch of the Aviatrix Kubernetes Firewall.
March 03, 2025
ScaleOps announced the general availability of their Pod Placement feature, a solution that helps companies manage Kubernetes infrastructure.
March 03, 2025
Cloudsmith raised a $23 million Series B funding round led by TCV, with participation from Insight Partners and existing investors.
February 27, 2025
IBM has completed its acquisition of HashiCorp, whose products automate and secure the infrastructure that underpins hybrid cloud applications and generative AI.
February 27, 2025
Veeam® Software announces Veeam Kasten for Kubernetes v7.5, designed to deliver Kubernetes-native data resilience for enterprises.
February 27, 2025
DeepSource released Globstar, an open-source project bringing code security tooling to the AppSec community, with no restrictions on commercial usage.
February 26, 2025
Google Cloud announced the public preview of Gemini Code Assist for individuals, a free version of Gemini Code Assist that will give students an easy-to-use free AI coding assistant with the highest usage limits available
