As you embrace the latest cloud native technologies such as serverless, containers, and servicemesh, current approaches to securing cloud infrastructure are becoming ineffective as breaches continue to plague the industry. The “State of DevSecOps” report (May 2020 edition) revealed that 67% of high severity risks constituted of open security groups, overly permissive IAM roles, and exposed cloud storage services. This is particularly worrisome as these types of risks have been at the core of many cloud breaches. For example, in the 2019 breach at Capital One where over 100 million individuals were affected, an attacker got hold of a set of AWS access keys by exploiting a server vulnerability. The keys were associated with an IAM role with excessive permissions that enabled the attacker to find a S3 bucket and exfiltrate the data within it.
Get a copy of the report to:
Learn about the latest cloud security practices and trends to gain an understanding of the state of DevSecOps
Learn about key best practices to consider as you rethink your approach to securing cloud native infrastructure