High-profile software supply chain attacks, such as SolarWinds and Kaseya VSA, have shed a glaring light on the disparity between agencies’ perceptions of security within their cloud infrastructure and the reality of supply chain threats that can impact business catastrophically. The federal government has responded with an Executive Order on Improving the Nation’s Cybersecurity, guidance such as the Cybersecurity and Infrastructure Security Agency (CISA) Cloud Technical Reference Architecture and the National Security Agency/CISA Kubernetes Hardening Guide.
In the recently released Unit 42 Cloud Threat Report, Palo Alto Networks researchers dive deep into the full scope of supply chain attacks in the cloud and explain often misunderstood details about how they occur. The research provides actionable recommendations government agencies can adopt immediately to begin protecting their software supply chains in the cloud.
