As the use of cloud computing rises, so does the complexity of these environments and the volume of attacks targeting cloud systems. As the ability to spin up infrastructure becomes more decentralized, a new generation of vulnerabilities and risks are created in misdelivery, misconfiguration, and publishing errors. This is the world enterprise security teams find themselves as they work to secure their cloud systems. Here is how to secure cloud-native systems and development pipelines.
Cloud systems are under attack, and enterprise security teams find themselves challenged to keep their cloud systems secure. Novel types of attacks are also emerging within cloud, such as misconfigurations; leaked secrets such as passwords, API keys, and administrative credentials; and weak or no security controls such as exposed privileges or unencrypted storage. Modern cloud environments are also widely de-centralized and workloads are managed independently, making it difficult to gain a comprehensive view of the environment. The lack of visibility results in systems and areas unknown and unmanaged by security teams.
Cloud-based deployments are outside the network perimeter and directly accessible from the public Internet, making it easier for an attacker to gain unauthorized access to an organization’s cloud-based resources. Attackers are manipulating cloud-native resources and applications to improve their ability to evade detection, improve lateral movement, and escalate account privileges for access to more sensitive systems and data.
Offered Free by: Palo Alto Networks
See All Resources from: Palo Alto Networks