From the Editor

And the New Survey Says

The “Oracle and KPMG Cloud Threat Report” looks at trends and new concerns.

By Tom Haunert

January/February 2019

Having previously produced world-class security reports, Oracle and KPMG are due to release their next one in February 2019, based on extensive interviews with 450 companies.

I recently sat down with Greg Jensen, senior director of cloud security at Oracle, to talk about the data he’d just received from those interviews and what will make the “Oracle and KPMG Cloud Threat Report” different from other security reports. While some reports are based on metrics gathered by security vendors, others are survey-based.

“Oracle saw there was too little conversation about the security risks and challenges organizations are facing as they’re lifting and shifting their workloads to the cloud,” Jensen says. “We concluded we wanted to align with an industry partner such as KPMG to consolidate our research and findings.”

The 2019 report will confirm, for example, that companies are moving more and more of their sensitive data to the cloud. It also will delve into the issues of unsanctioned application use in the cloud, and it will look at the challenges of maintaining consistent security practices and configuration baselines both in the cloud and on premises. The 2019 report will also look at how ineffective patch management programs are having a negative impact on organizations, as well as how effectively leadership’s goals are being delivered in completed security projects.

Needed: A Broad View

I asked Jensen how Oracle expects people to use the report’s findings, and he surprised me.

“People should consume four or five different reports to get a broad overview of security risks,” he says. “Organizations need a variety of security information from a variety of sources, and the ‘Oracle and KPMG Cloud Threat Report’ can be a primary source of that security information. Informed security practitioners can then engage C-level leadership in conversations on risk, security, and compliance.”

In the next (March/April) issue of Oracle Magazine, look for more on the “Oracle and KPMG Cloud Threat Report” as well as articles on Oracle security technologies and cloud services.

Meanwhile, in this issue’s “Generation 2: Ready for Anything,” Kyle York, vice president of product strategy for Oracle Cloud Infrastructure, talks about Oracle’s next-generation cloud infrastructure in general and infrastructure security in particular—from the core to the user edge.

Next Steps

EXPLORE the “Oracle and KPMG Cloud Threat Report.”

LEARN more about Oracle Cloud security.

Photography by Bob Adler/Getty Images