A recent report by Palo Alto Networks’ Unit 42 showed how supply chains have become a cloud security threat.
Indeed, it was found out that 63% of third-party code used in building cloud infrastructure had insecure configurations, which means that it is possible for hackers to infiltrate thousands of organizations’ cloud infrastructures. 96% of third-party container applications deployed in cloud infrastructure possess known vulnerabilities.
Besides, the study revealed that even a ‘mature’ cloud security posture can contain several critical misconfigurations and vulnerabilities. Cloud infrastructures can be targeted by unvetted third-party code that introduces security flaws allowing attackers access to sensitive data in the cloud environment.
It is then essential to reinforce DevOps and cloud-native applications security. DevOps and security teams need to gain visibility into the cloud workload so as to evaluate risk at every stage of the dependency chain and establish guardrails. Organizations also need to spend more on cloud security.