Some blind spots the Vectra report uncovered include :
• 30 % of organizations surveyed have no formal sign-off before pushing to production
• 40 % of respondents say they do not have a DevSecOps workflow
• 71 % of organizations say that 10 or more people can modify the entire infrastructure in their AWS environments , creating numerous attack vectors for hackers
Despite these blind spots , the survey showed that companies are taking security seriously . Over half of the companies reported having double-digit Security Operations Center ( SOC ) headcounts , showing a significant investment in keeping their organizations secure . Matt Pieklik , Senior Consulting Analyst at Vectra , said : “ Securing the cloud with confidence is
nearly impossible due to its ever-changing nature . To address this , companies need to limit the number of attack vectors malicious actors are able to take .
“ This means creating formal sign-off processes , creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible .
“ Ultimately , companies need to provide security holistically across regions and automate as many activities as possible to enhance their effectiveness .”
Vectra has answered this industry need through the creation of Detect for AWS which reduces risk of cloud services being exploited , detects threats against AWS services and automatically responds to attacks against applications running in AWS . p
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 29