Even for those that do have budget available, poor risk decisions can further complicate cloud security.” Identity a key threat vector “Typically when we hear company executives estimate the number of identities on their cloud, they are talking about people that they have given access to data,” said Sonrai Security’s CISO Eric Kedrosky. “When considering the cloud, companies really need to focus on non-people identities – roles, service principles, serverless functions and other ‘things’ – that are given roles with access to sensitive data.

Read full article on Help Net Security