That is a very interesting observation, James. The report also suggests that last year 18% fully understood the Cloud Security Shared Responsibility Model. It makes me wonder if the model becomes more sophisticated or IT security executives spend less time on that particular issue.
Regarding your question, I would say 20% preparation/education and 80% execution. I'm a firm believer in planing the work, then work the plan.
------------------------------
Tim Nedyalkov CCISО, CISSP, CCSP, CEH, CISA, CISM, CRISC, CGEIT
Cyber Security Manager
SNC Lavalin
------------------------------
Original Message:
Sent: May 22, 2020 09:59:20 AM
From: James Leone
Subject: Latest Oracle and KPMG Cloud Threat Report 2020
Thanks for sharing this Oliver.
The study cites that only 8 percent of IT security executives fully understand the cloud shared responsibility security model. This point resonates with me personally, I invest a lot of time educating up and across on this topic. In some cases, this uncertainty leads to breakdowns and exploits. In other cases, this leads to apprehension and unwillingness to venture into the cloud (which I believe ultimately hampers the velocity at which these companies can move).
Question to the community:
What percentage of your time is spent educating vs. executing?
James Leone, CISSP, CCSK
Cloud | Security | DevOps | IoT
Enabling organizations to rapidly develop and operate secure, cost-effective, & reliable, cloud systems
M: 661.877.8502
Original Message:
Sent: 5/22/2020 3:10:00 AM
From: Olivier Caleff
Subject: Latest Oracle and KPMG Cloud Threat Report 2020
The latest "Oracle and KPMG Cloud Threat Report" is worth reading.
It analyzes cloud adoption trends, the current threat landscape, and the benefits of configuration management automation.
Chapter headers:
- Cloud adoption expands and diversifies
- Cloud security readiness gaps
- Cloud configuration management challenges and ramifications
- Cloud configuration management via SecDevops
- Cyber attacks and business fraud
- High expectations at ML
Links:
Summary of he report ⇒ https://www.msspalert.com/cybersecurity-research/oracle-kpmg-threat-report/
Oracle Cloud Threat Reports (some good reading too) ⇒ https://www.oracle.com/cloud/cloud-threat-report/reports/
Direct link to the report (PDF) ⇒ https://www.oracle.com/a/ocom/docs/cloud/oracle-cloud-threat-report-2020.pdf
PS. I am neither related to Oracle nor to KPMG!
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
------------------------------