CLOUD INFRASTRUCTURE MANAGEMENT

Osterman Research Survey Finds 84% of Companies Have Only Rudimentary Capabilities for Securing Their Cloud Infrastructure

Ermetic | August 05, 2022

Ermetic, the cloud infrastructure security company, today released the findings of a research study conducted by Osterman Research on the cloud security maturity level of organizations in North America. The survey found that 84% of respondents were at an entry level (one or two) in terms of their cloud security capabilities and only 16% ranked at the top two levels. Meanwhile, 80% of companies reported they lack a dedicated security team responsible for protecting cloud resources from threats. The survey also revealed the top five priorities that all highly mature companies have in common when it comes to cloud security.

Osterman Research surveyed 326 organizations in North America with 500 or more employees that spend at least $1 million each year on cloud infrastructure, in order to establish an industry baseline against the Ermetic Cloud Security Model. The model was designed to provide organizations with a lightweight framework for determining their maturity level (1 - Ad Hoc, 2 - Opportunistic, 3 - Repeatable, 4 - Automated & Integrated) across multiple domains, while allowing them to develop a specific, actionable roadmap for advancing their capabilities.

“One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed. Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities.”

Michael Sampson, senior analyst for Osterman Research and author of the report

Other Report Highlights
Demonstrable ROI: 42% of companies investing more than 50 hours per week on cloud security are achieving the highest levels of maturity (Levels 3 and 4)
Bigger not better: Only 7% of companies with more than 10,000 employees were at level three or four in terms of maturity, compared with 18% for companies with between 2,500 and 9,999 employees, and 24% for companies with 500 to 2,499 employees
Overall, maturity is low: 84% of companies were at level one or two (41.5% Ad Hoc and 42.5% Opportunistic) and only 16% at level three or four (11.1% Repeatable and 4.9% Automated & Integrated)
More clouds doesn’t equal more maturity: the percentage of companies that ranked at the highest levels of maturity (3 & 4) decreased with multicloud usage. For example, the number of organizations achieving Repeatable or Automated & Integrated security capabilities dropped nearly 50% when going from one (10%) to three (6%) cloud platforms
Shared blindspot: 81% of organizations lack full visibility into all resources that are directly accessible from the Internet
“This survey makes two things very clear. Without the right tools, spending lots of time and resources on cloud security will not necessarily make you more secure,” said Shai Morag, CEO of Ermetic. “And, by focusing on the right priorities you can achieve a very high level of security maturity regardless of your organization’s size.”

Five Habits of Highly Mature Companies
Organizations that reported focusing on the five following security priorities achieved the highest levels (3 or 4) of maturity:

Detecting general cloud misconfigurations (e.g., unencrypted resources, MFA)
Achieving the ability to track and investigate activities performed by human users and applications/service accounts across the cloud infrastructure
Establishing Just-in-Time (JIT) access for developers / DevOps / Cloud operations teams to cloud infrastructure environments
Evaluating and reporting on alignment with security best practices (e.g., AWS well-architected, CIS) and compliance standards (e.g., NIST, ISO, SOC2, PCI-DSS)
Achieving least-privilege for identities in the cloud (both human identities and service accounts)

About Ermetic
Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform provides comprehensive cloud security for AWS, Azure and GCP that spans both cloud infrastructure entitlements management (CIEM) and cloud security posture management (CSPM). The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra and Target Global.

Other News
CLOUD SECURITY

Cyera and Wiz Partner to Strengthen Cloud Security with Data Security Posture Management

Wiz | November 18, 2022

Cyera, the data security company, can now seamlessly integrate with Wiz to provide prioritized attack surface minimization and automated remediation based on sensitive data exposure. Cyera leverages its Data Security Graph to help security teams quickly understand the blast radius that an active security threat or vulnerability represents, and how to respond to remediate the issue.

"Wiz introduced a new approach to cloud security that enables organizations to embrace the cloud while reducing risk. Partnering with other cloud-first companies that enable security teams benefits everyone as it improves the overall cloud security posture."

Assaf Rappaport, CEO of Wiz

Enhancing Cloud Detection and Response with Data Security Posture
Cyera's data security posture management platform enables security teams to understand the data they manage, and what's at risk. By automatically and continuously identifying data stores across IaaS, PaaS and SaaS, Cyera proactively assesses internet facing exposures and access permissions, and provides detection and response capabilities to keep an organization's most precious data safe from exposure. This integration adds Cyera's deep data context to Wiz's extensive risk posture assessments.

"Cyera provides enterprises with a deep understanding of the sensitive data they have, how it extends their threat surface and how to take action to remediate the risk it represents," said Yotam Segev, CEO of Cyera. "Together, our solutions will empower security teams to approach cloud security holistically, focusing on the risks that matter most."

Holistic cloud data protection, at scale
The new solution will enable security teams to prioritize risk remediation based on sensitive data exposure.

"Security teams need to understand how sensitive data represents risk to their business," said Mike Britton, Chief Information Security Officer for Abnormal Security. "Getting your security posture right requires you to understand the difference between how an application, an IT employee, or someone in HR should be able to access and handle sensitive information, before you can effectively apply the right controls that protect your business without disrupting it."

Examples of how this partnership improves cloud security with data security posture include:

Adding context on the risk that publicly exposed data represents to operational resilience into detection and response workflows
Identifying where improved data security controls and less permissive access to sensitive customer or employee data can improve cyber-resilience and protect against ransomware threats
Correlating cloud configuration issues, critical data store vulnerabilities, and data security risk to ensure teams can respond quickly to the most material risks to their cloud environments

About Cyera
Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in data security posture management, Cyera instantly provides companies visibility over all of their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. Backed by leading investors including Sequoia, Accel, and Cyberstarts, Cyera is redefining the way companies do cloud data security.

About Wiz
Wiz is reinventing cloud security from the inside out. Led by an experienced and visionary team, Wiz is on a mission to help organizations create secure cloud environments that accelerate their businesses. By creating a normalizing layer between cloud environments, the Wiz platform enables organizations to rapidly identify and remove critical risks.

CLOUD DEPLOYMENT MODELS

CoreStack Participates in AWS Marketplace Vendor Insights Preview

CoreStack | September 07, 2022

CoreStack, a global cloud governance provider that empowers enterprises to unleash the power of the cloud by enabling continuous and autonomous cloud governance at scale, today announced that it is participating in the Amazon Web Services (AWS) Marketplace Vendor Insights preview, which streamlines the complex third-party software risk assessment process by enabling sellers to make security and compliance information available through AWS Marketplace, a curated digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services to build solutions and run their businesses.

CoreStack’s NextGen Cloud Governance solutions — FinOps, SecOps and CloudOps — are now available via a unified web-based dashboard as part of AWS Marketplace Vendor Insights to give customers access to security and compliance information. AWS Marketplace Vendor Insights helps streamline the procurement process by granting buyers access to evidence made available by sellers related to data privacy and residency, application security, and access control.

“We created AWS Marketplace Vendor Insights to serve customers that need help validating third-party software that meets their compliance needs. We are glad to see CoreStack participating in the Vendor Insights preview and their commitment to trust and transparency. Companies like CoreStack work with AWS to showcase their validated security profile, saving customers months of effort, reducing the software risk assessment lead time for customers while assuring them of continuous monitoring of vendor security.”

Jason Timmes, General Manager, AWS Marketplace Seller Services

Using Vendor Insights can help buyers reduce assessment lead time to a few hours by allowing buyers to access the vendor’s validated security profile, saving months of effort from questionnaires and back-and-forth with vendors. The dashboard also provides evidence backed by AWS Config and AWS Audit Manager assessments, external audit reports, and software vendor self-assessments to help customers perform continual compliance monitoring.

“Vendor Insights provides ongoing visibility and alerts about the vendor’s security hygiene,” said Satyam Patel, Vice President & Chief Information Security Officer at [24]7.ai. “Using Vendor Insight notifications helps us remove the need for periodic reassessments and brings in agility in the procurement process.”

The CoreStack platform, built on cloud-native services, empowers AWS customers to achieve security and compliance, enhance cloud operational efficiencies as well as optimize costs. It applies a unique cloud-as-code approach that leverages deep artificial intelligence (AI) / machine learning (ML), declarative definitions, and a patented cloud service-chaining technology. Customers can leverage CoreStack’s powerful NextGen Cloud Governance offerings — FinOps, SecOps and CloudOps — to govern operations, security, cost, access, and resources across multiple cloud accounts.

“We take pride in helping customers embrace, expand and enhance cloud through our NextGen Cloud Governance, and we are proud to showcase our validated and strong security story with customers through Vendor Insights,” said Parul Chheda, Vice President of Strategic Alliances at CoreStack. “Security is a shared responsibility, and we are happy that AWS Marketplace customers can directly monitor and inspect configuration of our technology resources and collect other critical information to deliver up-to-date security posture metrics and artifacts. We look forward to working with AWS to fast-track due diligence and further the value we can offer to our customers.”

About CoreStack
CoreStack is a NextGen cloud business accelerator that empowers enterprises to predictably increase top-line revenues, improve bottom-line efficiencies, and gain a competitive edge through AI-powered real-time cloud governance on autopilot. CoreStack's FinOps, SecOps and CloudOps solutions embrace, enhance, and extend native-cloud, enable reporting, recommendation, remediation and provide single pane-of-glass governance across multi-cloud. Through executive dashboards for comprehensive real-time insights, CoreStack delivers transformative value such as 40% increase in operational efficiencies, 50% decrease in cloud costs, and 100% security assurance and compliance. CoreStack helps 500+ global enterprises govern $2B+ in annual cloud consumption.

CLOUD SECURITY

SqlDBM and Inergy Announce Partnership, Looking at Cloud as the Future of Data

SqlDBM | November 24, 2022

SqlDBM - Online Data Modeling Tool announced their partnership with Inergy, a leading provider of BI and Analytics solutions based in the Netherlands. Henceforth, Inergy will collaborate with SqlDBM as a Silver Partner, aligning on digital exposure and cloud adoption strategy.

SqlDBM, itself a cloud-based SaaS database modeling platform, has witnessed firsthand the transformative power that the cloud drives for scalability and ease of use. Inergy, with over two decades of BI experience, is likewise committed to helping its customers embrace cloud-based solutions. Both SqlDBM and Inergy are official Snowflake Partners and see this synergy as a natural fit.

“The Inergy-SqlDBM partnership is a powerful combination. Data environments across platforms and channels have become increasingly complex, so the tools and consultants which deal with them must evolve to meet this challenge. We believe our common understanding of cloud solutions will be pivotal in leading the industry towards the future of the cloud.”

Anna Abramova, Head of Growth at SqlDBM

Inergy is also a Gold Microsoft Partner, with employees certified in Azure, one of SqlDBM’s most widely-supported databases. Both companies see the cloud as the logical next step in BI and data warehousing. They will henceforth collaborate to make sure their customers are well equipped to leverage the possibilities that cloud computing has to offer.

About SqlDBM
SqlDBM’s mission is to provide a modern cloud-based modeling solution that enables customers to lay out or create their business warehouse without writing a single line of code. SqlDBM supports leading cloud-based database providers like Snowflake, Azure Synapse, Redshift, and on-premise solutions like Postgres and SQL Server. Using an online visual interface, users can diagram their entire database through reverse engineering, create new objects, make changes, and add properties without writing SQL. SqlDBM provides additional features that facilitate data governance, data discovery (data dictionary), DevOps and CI/CD, and communication between business and technical users.

About Inergy
Inergy helps organizations get more returns from their core business and business processes by generating insight from all the information they may have. Inergy does not shy away from ambitious projects or demanding clients. Thanks to their many years of experience and thorough knowledge of business processes and technology, Inergy works quickly for result-oriented solutions. And thanks to those same years of experience, Inergy has developed a keen eye for innovative BI techniques and solutions that can help any business.

CLOUD SECURITY

Sigma Computing Partners with Snowflake to Launch Solution on Healthcare & Life Sciences Data Cloud

Sigma | September 15, 2022

Forescout Technologies, the global leader in automated cybersecurity, today announced a new healthcare cybersecurity partnership with First Health Advisory, a leader in healthcare IT risk management. The partnership creates an innovative approach to connected asset risk management by automating the technical data collection, mitigation and risk reduction measures for a healthcare organization’s entire network that encompasses IT, IoT, OT, and IoMT assets.

Healthcare organizations’ networks are under constant attack and often do not have the necessary human capital to oversee the work necessary to thwart a potential threat or attack through quick response. This challenge places added importance on the need to obtain highly skilled outside expertise to operationalize a program and execute ongoing asset risk assessments across the network.

“Cybersecurity risk assessments for healthcare organizations are incredibly time consuming, static in nature, and mandated by regulatory requirements. Moreover, the steps to mitigate assessment findings and lower risk are difficult to complete with the current cyber skills shortage. This partnership and new approach that combines intuitive risk assessment and automated mitigation technology will allow healthcare organizations to not only make risk assessments easier and faster to complete, but also free up internal resources to support other critical aspects of the patient experience.”

Tamer Baker, vice president, global healthcare, Forescout

The audit experience will also see a major transformation through this new partnership. Organizations will have an ability to automate evidence collection and receive ongoing mitigation and vulnerability management support from First Health Advisory staff year-round.

“Our partnership delivers the optimal solution healthcare organizations are looking for – the right balance of highly skilled, multi-disciplinary risk assessment personnel with deep understanding of the regulatory landscape together with a dependable cybersecurity platform that can automate risk reduction actions,” said Will Long, CSO of Enterprise Security & Technology at First Health Advisory. “We’re excited about this collaboration and together with Forescout, look forward to helping more healthcare organizations improve their security posture.”

About Forescout
Forescout Technologies, Inc. delivers cybersecurity automation across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets.
