Plaintext: State of Multicloud, AppSec

Welcome back to Dark Reading in Plaintext, now coming to you as a weekly newsletter. In this issue of Plaintext, we look at the state of cloud security, specifically multiclouds, and also what may be next for application security.

Guide to Multicloud Security. Regardless of whose figure you cite — 64% (Nutanix), 92% (Flexera), or 43% (Dark Reading's State of Cloud Survey) — many organizations are looking at multiclouds. Cloud computing is a ubiquitous part of the IT landscape, but securing the cloud remains unwieldy and daunting. Multiple cloud platforms complicates things even more, such as data visibility and configuration management. The Microsoft Cloud Security Benchmark hit general availability today, with usage and configuration guidance for both Microsoft Azure and Amazon Web Services. MCSB has 172 automated checks for AWS and 93 for Azure. Microsoft plans to add checks for Google Cloud, next.

“Most organizations adopt a multicloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions.” (Michael Warrilow, Gartner)

Sea Change in AppSec. Less than a month after publishing an open letter calling for radical changes at the Open Web Application Security Project, longtime appsec advocate Mark Curphey has resigned from the OWASP board. Curphey plans to create a centrally-organized community to invest in a set of "sustainably high quality projects," he wrote in his resignation letter. While OWASP makes it possible for anyone with an idea to create a project and "the barrier to participate is essentially zero," he says a new community with a governance and funding model similar to the Linux Foundation's Open Source Security Foundation would provide more financial and logistical support to key projects. "It's not competitive, nor should it be, it's just different. Different horses for different courses as they say," Curphey wrote.

What We Are Reading

• Can we build a defensible Internet? Here's what needs to happen in 2023.
• About to negotiate for your security budget? Here's what to say to the CFO.
• The shared responsibility model between the cloud provider and customer is getting heavier.
• Looking back at what Omdia has to say about OpenText buying Micro Focus.

What We Heard On-Air

Tune in to our on-demand webinar?Managing Security in a Hybrid Cloud Environment?for insights on working in an environment with both cloud and on-premises systems.

"Complexity is the enemy of security." (Jake Williams, security researcher and IANS faculty)

From Our Library

Check out some of the latest reports from our?Dark Reading Library.

• Tech Insights Emerging Cyber Vulnerabilities That Every Enterprise Should Know About (Feb 2023)
• Dark Reading Research: State of Supply Chain Threats
• Tech Insights?Shoring Up the Software Supply Chain Across Enterprise Applications (March 2023)
• Dark Reading Research: How Enterprises Are Securing the Application Environment

On That Note

Cybersecurity requires being precise in the terms we use. This infosec vocabulary lesson from Bugcrowd's Casey Ellis may be almost two years old, but it is still one of the best ones out there.