The Inner Circle

Expand all | Collapse all

Latest Oracle and KPMG Cloud Threat Report 2020

  • 1.  Latest Oracle and KPMG Cloud Threat Report 2020

    Posted May 22, 2020 12:10:00 AM
    Edited by Olivier Caleff May 22, 2020 11:35:35 PM
    The latest "Oracle and KPMG Cloud Threat Report" is worth reading.
    It analyzes cloud adoption trends, the current threat landscape, and the benefits of configuration management automation.
    Chapter headers:
    • Cloud adoption expands and diversifies
    • Cloud security readiness gaps
    • Cloud configuration management challenges and ramifications
    • Cloud configuration management via SecDevops
    • Cyber attacks and business fraud
    • High expectations at ML


    PS. I am neither related to Oracle nor to KPMG!

    Olivier Caleff - CSA French Chapter - Chapter Leader - -

  • 2.  RE: Latest Oracle and KPMG Cloud Threat Report 2020

    Posted May 22, 2020 09:59:00 AM

    Thanks for sharing this Oliver.


    The study cites that only 8 percent of IT security executives fully understand the cloud shared responsibility security model.  This point resonates with me personally, I invest a lot of time educating up and across on this topic.  In some cases, this uncertainty leads to breakdowns and exploits.  In other cases, this leads to apprehension and unwillingness to venture into the cloud (which I believe ultimately hampers the velocity at which these companies can move).


    Question to the community:

    What percentage of your time is spent educating vs. executing?


    James Leone, CISSP, CCSK

    Cloud | Security | DevOps | IoT

    Enabling organizations to rapidly develop and operate secure, cost-effective, & reliable, cloud systems

    M: 661.877.8502


  • 3.  RE: Latest Oracle and KPMG Cloud Threat Report 2020

    Posted May 25, 2020 07:35:00 AM

    That is a very interesting observation, James. The report also suggests that last year 18% fully understood the Cloud Security Shared Responsibility Model. It makes me wonder if the model becomes more sophisticated or IT security executives spend less time on that particular issue.

    Regarding your question, I would say 20% preparation/education and 80% execution. I'm a firm believer in planing the work, then work the plan.

    Cyber Security Manager
    SNC Lavalin