2023年首席信息安全官報(bào)告（英）

The

conver

gence

of

obser

vais

critical

to

realizing

Dev

SeDynatrace

CISO

repor

t202

3IntroductionWhat's

insideCHAPTER

1Organizations

are

increasingly

adopting

DevSecOps

practicesto

drive

faster

innovation

without

amplifying

security

risk.These

practices

unite

development,

security,

and

operationsteams

andempower

them

to

deliver

more

secure

softwareatevery

stageof

the

development

lifecycle.This

reportexplores

these

challenges

andhighlights

how

chiefinformation

security

officers(CISOs)

canovercome

them

byunifying

observability

andsecurity

to

supportmore

effectivedata-driven

DevSecOps

automation.Increased

complexity

makes

cloudenvironments

more

difficult

to

secureCHAPTER

2Fragmented

tool

sets

and

manualapplication

security

processes

erodeconfidence

and

productivityMost

of

these

effortsremain

relatively

immature,

however,as

development,

security,

and

operations

teams

continue

towork

in

silos

andrely

on

their

own

patchwork

of

point

toolsto

manage

their

individual

tasks.Further,

teams

move

securityresponsibilities

to

development

and

pre-production

(alsoknown

as

“shifting

left”)andverify

security

for

applicationsdeployed

in

production

runtimes

(or

“shifting

right”)

inisolation,

rather

than

as

acollective

effort.These

activitiescancreate

inefficiencies

that

undercut

DevSecOpseffectiveness.

Critical

vulnerabilities

canalso

escapeintoproduction

more

easily

andoften,exposing

the

organizationto

unnecessary

risk.SecCHAPTER

3Modern

development

and

deliverypractices

make

it

difficult

to

get

aheadof

zero-day

vulnerabilitiesDevOpsCHAPTER

4Tool

sprawl

and

team

silos

hinderDevSecOps

practicesCHAPTER

5DevSecOps

practices

remain

immatureCONCLUSIONThe

Dynatrace

differenceAPPENDIXMethodology

and

global

data

summaryDynatrace

2023

CISO

Report|2CHAPTER

1Increased

complexity

makes

cloud

environments

more

difficult

to

secureAs

digital

transformation

continues

to

accelerate,

the

cloud

applications

underpinning

today’sdigital

experiences

become

more

complex

anddistributed.

Not

only

that,

but

the

growingreliance

on

amix

of

homegrown,

proprietary,

andopen

source

code

makes

it

more

difficultto

manage

risk

throughout

the

softwaredevelopment

lifecycle.partnersto

remediate

flaws

in

productsthat

expose

anorganization

to

heightened

securityrisks.

To

supportthese

efforts,teams

needincreased

automation

andprecise

answers

thatidentify

andreveal

the

impactof

security

vulnerabilities

in

real

time.In

addition

to

identifying

vulnerabilities

in

open

source

libraries

and

custom

code,

developmentandsecurity

teams

must

prioritize

their

most

mission-critical

tasksandwork

with

theirof

CISOs

say

vulnerability

management

hasbecome

more

difficult

as

the

complexity

of

theirsoftware

supply

chain

and

cloud

ecosystem

hasincreased.of

CISOs

face

asignificant

challenge

in

minimizingrisk,

given

the

difficulty

of

working

with

vendorsto

identify

and

resolve

vulnerabilities

in

the

softwaresupply

chain.Dynatrace

2023

CISO

Report|383%

of

security

teams

don’t

have

access

to

afully

accurate

softwarebill77%of

CISOsof

materials

(SBOM)

in

real

time.say

it's

a

significantchallenge

to

prioritizevulnerabilities

becauseof

alack

of

informationabout

the

risk

they

poseto

their

environment.27%

of

CISOs

say

it

would

beimpossible

to

create

afully

accurate

SBOMbecause

their

environment

changes

constantly.88%

of

CISOs

say

vulnerability

management

would

beeasier

if

solutions

combinedapplication

runtime

context

with

vulnerability

analysis

andrisk

impactassessment.Dynatrace

2023

CISO

Report|4CHAPTER

2Fragmented

tool

sets

and

manualapplication

security

processes

erodeconfidence

and

productivityMost

organizations

have

adopted

multiple

solutions

to

keep

applications

secure,

but

many

ofthese

tools

weren’t

designed

for

the

complexities

of

today’s

cloud-native

software.

Therelianceon

fragmented

tools

anddata,

lack

of

system

context,

andmanual

analytics

make

it

difficult

toproactively

respond

to

security

incidents.62%

of

organizationsuse

four

or

more

solutionsto

maintain

the

securityof

their

applications.Even

machine

learning

solutions

can’t

keep

up,

as

they

only

provide

answers

as

good

as

thedata

they

ingest,

which

oftenresults

in

false

positives

andduplicate

alerts.Organizations

needamore

automated

andintelligent

approach

to

application

security,

so

they

canunderstandtheir

risk

exposure

in

real

time

anddirectteams

to

the

issues

that

matter

most.Dynatrace

2023

CISO

Report|5The

most

commonly

used

application

security

solutions

include

the

following:63%Cloud

security(e.g.,

CNAPP,

CWPP,

CSPM,

CIEM)57%Web

application

firewallSecuritytesting

tools

(e.g.,

SAST/IAST/DAST)Real-time

attackdetectionandblockingRuntime

application

self-protectionEndpoint

protection53%48%43%39%37%Runtime

vulnerability

managementVulnerability

scanners33%25%SIEM/log

analyticsDynatrace

2023

CISO

Report|6Security

tasks

remain

manual

and

error-prone.Of

the

vulnerability

alertsthat

securityscanners

alone

flagas

"critical,"

58%

areconsidered

not

importantin

production,wasting

valuable

development

timechasing

down

false

positives.On

average,

each

member

of

developmentand

application

security

teams

spends

nearlyathird

(28%)

of

their

time

—or

11

hours

eachweek

—on

vulnerability

management

tasksthat

could

beautomated.*Only

50%

of

CISOs

are

fully

confidentthat

applications

have

been

completelytested

for

vulnerabilities

before

going

livein

production.*Calculated

basedonthe

duration

ofthe

average

working

weekas

40

hoursDynatrace

2023

CISO

Report|7Ever

y

organization

experiences

challenges

using

log

analytics

to

conduct

security

forensics.The

most

common

challenges

include

the

following:of

CISOs

say

security

data

spansmultiple

platforms,

so

it's

difficultto

gain

context.of

CISOs

say

it

costs

too

muchto

capture

andretain

all

the

logsneededfor

effective

analysis,so

we

lack

acomplete

picture.of

CISOs

say

analysis

isof

CISOs

say

much

of

our

log

data

isunavailable

for

analytics

on

demand,as

it

is

archived.labor-intensive

and

time-consuming.Dynatrace

2023

CISO

Report|8CHAPTER

3Modern

development

and

deliver

y

practices

make

it

difficult

to

get

aheadof

zero

-day

vulnerabilitiesOpen

source

softwarelibraries

areinvaluable

in

helping

developers

accelerate

innovation

bybuilding

on

others’

coding

work

rather

than

startingevery

new

projecton

the

ground

floor.However,

the

community-led

nature

of

open

source

libraries

means

many

different

developerscanseeandchange

the

code.

That,

coupled

with

the

speed

of

modern

softwaredelivery,

makesit

easier

for

vulnerabilities

to

enter

live

applications.identify

andminimize

their

risk

exposure.

This

taskhasexceeded

human

capabilityas

thecomplexity

of

softwareecosystems

hasrisen,

leading

to

delays

that

could

leave

organizationsshortof

the

secure

governance

requirements

of

cyber-insurers

andauthorities.

Teams

needsolutions

that

automatically

detect,prioritize,

andrespond

to

zero-day

vulnerabilities

andblockattackswhile

the

problem

is

being

remediated,

without

distracting

them

from

innovation.Thediscovery

of

acritical

zero-day

vulnerability

(such

as

Log4Shell,

azero-day

attack

thatemerged

in

2021)

cansend

development

andsecurity

teams

into

crisis

modeas

they

work

to76%

61%

77%

56%

98%of

CISOs

say

the

timeit

takes

between

thediscovery

of

zero-dayattacksandtheir

ability

topatch

every

instance

is

asignificant

challengeof

CISOs

say

it’s

impossibleto

respond

to

zero-dayvulnerabilities

quicklyenough

to

eliminaterisk

entirely.of

organizations

have

aof

CISOs

who

don’t

havecyber-insurance

say

nothaving

all

the

relevantsecurity

controls

orof

CISOs

say

theirresponse

to

zero-dayvulnerabilities

hascyber-insurance

policy.changed

since

Log4Shell.solutions

required

tosecure

agood

premiumprevented

them

fromtaking

out

apolicy.to

minimizing

risk.Dynatrace

2023

CISO

Report|9The

ways

in

which

organizational

response

to

zero

-day

vulnerabilities

has

changedin

the

wake

of

Log4Shell

include

the

following:5

4%48%43%28%Adopted

solutions

to

bemoreefficientin

identifying

risk

exposureAdopted

solutions

to

bemoreeffectivein

prioritizing

vulnerabilitiesfor

teams

to

addressAdopted

solutions

to

automaticallyresolve

vulnerabilitiesas

soonas

theyarediscoveredAdopted

solutions

to

automatically

blockattacksagainstknown

vulnerabilitiesDynatrace

2023

CISO

Report|10CHAPTER

4Tool

sprawl

and

team

silos

hinder

DevSecOps

practicesAs

organizations

work

to

accelerate

their

transformation,

they

areincreasingly

embracing

amore

collaborative

DevSecOps

culturethat

encourages

development,

security,

andoperations

teams

to

work

together

toward

shared

goals.

However,

entrenchedpreferences

for

specific

point

solutions

within

different

teams

hinder

these

efforts,resulting

in

silos

andmultiple

versionsof

the

truth.

Theconvergence

of

observability

andsecurity

analytics

is

critical

to

overcoming

these

challenges,

by

uniting

teamsaround

asingle

source

of

truth

that

supportsDevSecOps

automation.of

CISOs

s

ay

development,

security,and

operations

teams

continue

to

relyon

their

own

point

solutions

rather

thanintegrated

platforms.of

CISOs

say

the

use

of

point

solutionsfor

specific

security

taskscreates

challenges.Dynatrace

2023

CISO

Report|11The

top

challenges

created

by

usiinclude

the

fo52%44%

40%Teams

spend

significant

timecontinuously

tuning

and

managingtools

to

ensure

they

are

effective.It

’s

difficult

to

guarantee

thatCorrelating

alertsfrom

differenttools

is

labor-intensive,

and

thereare

too

many

false

positives.security

controls

are

appliedcontinuously

to

all

software

assets.Team

silos

and

tool

fragmentation

continue

to

hinderDevSecOps

effectiveness.of

CISOs

say

teams’

individualpreferences

for

point

tools

reducethe

benefitsof

DevSecOps.of

CISOs

say

the

prevalenceof

team

silos

andpoint

solutionsthroughout

the

DevSecOps

lifecyclemakes

it

easier

for

vulnerabilitiesto

slip

into

production.of

CISOs

say

there

is

areal

concernthey

will

seemore

vulnerabilityexploits

in

their

environment

ifthey

do

not

find

away

to

makeDevSecOps

work

more

effectively.of

CISOs

say

DevSecOpswould

bemore

effective

if

allteams

worked

from

one

platformthat

was

intrinsically

integratedin

their

process.Dynatrace

2023

CISO

Report|13CHAPTER

5DevSecOps

practicesremain

immatureIn

addition

to

the

challenges

created

by

fragmentedtoolchains

andsiloed

teams,

organizations

arestruggling

to

achieve

the

mindset

shiftrequired

tomaximize

the

impactof

DevSecOps

approaches.

It’snot

enough

to

simply

make

developers

responsiblefor

security

in

pre-production.

They

must

also

beempowered

to

ensure

their

applications

continueto

run

securely

in

production

—that

is,

to

fosteraculture

among

developers

of

"You

build

it,

you

runit,

you

secure

it."12%of

organizations

have

amature

DevSecOps

culture.To

achieve

this,

organizations

needtechnologiesthat

canconnectdevelopment

andruntime

securityto

eliminate

blind

spots

andimprove

governancethroughout

the

softwaredelivery

lifecycle.

In

addition,these

technologies

should

enlist

trusted

AIandextensive

automation

to

minimize

the

manual

effortof

vulnerability

management

andfree

developers

tofocus

on

the

tasksthat

arecore

to

their

role,

unlockingthe

true

potential

of

DevSecOps.of

CISOs

admit

I

T,

development,

and

security

teamshandle

shif

t-lef

tand

shif

t-right

security

in

silos

ratherthan

as

ashared

responsibility.78%Dynatrace

2023

CISO

Report|14The

most

adopted

DevSecOps

practices

include

the

following:51%33%30%25%18%10%of

CISOs

say

securityis

partof

our

pre-releasegovernanceandquality

gating

process.of

CISOs

say

they

have

automatedhandoffsacross

functions

—such

as

auto-ticket

creation.of

CISOs

say

they

adhereto

a"You

build

it,you

run

it,you

secure

it"approach(development

teams

areresponsible

for

production,delivery,

andsecurity).of

CISOs

say

they

use

solutionsthat

give

teams

shared

visibilityandasingle

source

of

truth.of

CISOs

say

they

haveashared

prioritization

processto

avoid

siloed

thinking.of

CISOs

say

application

securityis

ashared

responsibilityamongdevelopment,

security,andoperations.Dynatrace

2023

CISO

Report|15CISOs

identified

the

top

ways

of

making

DevSecOps

more

effective:Ability

to

track

the

effectiveness

of

andadherence

to

security

governance

across

all

teams

—33%.Ability

to

access

observability

andsecurity

insights

throughout

the

lifecycle

—23%Increasing

the

use

of

automated

handoffsbetween

teams

(e.g.,

auto-ticket

creation)

—17%The

DynatraceOptimized

for

cloud-native

applications,

containers,

andKubernetes,

Dydetectsvulnerabilities

in

applications

at

runtime.

It

also

provides

real-timthat

exploit

critical

vulnerabilities.

It

removes

blind

spots

andhelps

ensureandit

provides

the

Csuite

with

confidence

in

the

seDynatrace

Application

SecurityIdentify

and

remediate

riskFocus

on

what

matters

withDavis

AI-assisted

prioritization:Gives

teams

the

preciseReduce

risk

with

runtimeapplication

protection:

Detectandblock

common

attacksonapplication

layer

vulnerabilities,such

as

injection

attacks.Protectagainstcritical

zero-day

attacktypeswhile

the

vulnerability

isbeing

remediated.Get

answers

when

you

needthem

with

log

audit

andwith

runtime

vulnerabilityanalysis:

Know

within

minuteswhen

acritical

applicationvulnerability

is

introduced

toproduction.

Confidently

implementcountermeasures

and

remediatewith

automated

analysis

ofruntime

context

andsecurityintelligence.forensics:

Reduce

the

cost

ofinvestigating

logs

related

to

asecurity

incident,

such

as

acriticalapplication

vulnerability.

Quicklyverify

what

happened,

leverageobservability

context

to

analyze,andtake

proactive

action.information

they

needto

resolvethe

most

critical

vulnerabilitiesfirst.Davis

AIuses

securityintelligence

andruntime

context

todetermine

risk

basedon

criteria

likeinternet

exposure.MethodoThis

report

is

based

on

a

global

survey

of

1,300

CISOs

in

largeby

Coleman

Parkes

and

commissioned

by

Dynatrace

in

MarchU.S.,

100

each

in

the

U.K.,

France,

Germany,

Spain,

Italy,

the

Neach

in

Singapore,

Malaysia,Global

data

summary:

U.S.

and

L

atin

A

mericaSampleincludes

200

respondents

from

the

U.S.

and50

respondents

from

each

of

Brazil

andMexico.Chapter

1:

Increased

complexity

makes

cloud

environments

more

difficult

to

secureU.S.BrazilMexicoCISOssayvulnerabilitymanagementhasbecomemoredifficultasthecomplexityoftheirsoftware

supplychainandcloudecosystemhasincreased.62%64%62%CISOsface

asignificantchallengeinminimizingrisk,giventhedifficultyofworkingwithvendorsto

identifyandresolvevulnerabilitiesinthesoftware

supplychain.72%77%22%76%92%66%68%26%76%92%76%82%30%90%92%Securityteamsdon’thave

access

to

afullyaccurate

software

billofmaterials(SBOM)inrealtime.CISOssayitwouldbeimpossibleto

create

afullyaccurate

SBOMbecausetheirenvironmentchangesconstantly.CISOssayit’s

asignificantchallengeto

prioritizevulnerabilitiesbecauseofalackofcontext

informationabouttherisktheyposeto

theirenvironment.CISOssayvulnerabilitymanagementwouldbeeasierifsolutionscombinedapplicationruntimecontextwithvulnerabilityanalysisandriskimpactassessment.Dynatrace

2023

CISO

Report|19Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

2:

Fragmented

tool

sets

and

manual

application

security

processes

erode

confidence

and

productivityU.S.BrazilMexicoOrganizationsusefiveormoresolutionsto

maintainthesecurityoftheirapplications.42%32%34%Thepercentageofvulnerabilityalertsthatsecurityscannersflagascriticalwhichare

notactuallyimportant.56%30%58%57%30%56%55%29%42%Theaverage

amountoftimeeachmemberofdevelopmentandapplicationsecurityteamsspendsonvulnerabilitymanagementtasksthatcouldbeautomated.CISOsare

fullyconfidentthatthesoftware

deliveredby

developershasbeenfullytested

for

vulnerabilitiesbefore

goingliveinproductionenvironments.Dynatrace

2023

CISO

Report|20Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

2:

Fragmented

tool

sets

and

manual

application

security

processes

erode

confidence

and

productivitySecuritysolutionsorganizationsmostcommonlyuseU.S.BrazilMexicoCloudsecurity(e.g.,

CNAPP,

CWPP,

CSPM,CIEM)Web

applicationfirewall(WAF)Securitytestingtools(e.g.,

SAST,

IAST,

DAST)Real-timeattackdetectionandblockingRuntimeapplicationself-protection(RASP)Endpointprotection62%64%60%56%60%45%43%41%41%39%24%64%68%56%46%30%48%26%4%62%62%54%40%30%38%34%30%RuntimevulnerabilitymanagementVulnerabilityscannersSIEM/loganalyticsDynatrace

2023

CISO

Report|21Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

2:

Fragmented

tool

sets

and

manual

application

security

processes

erode

confidence

and

productivityChallengesorganizationsexperienceusingloganalyticsto

conductsecurityforensicsU.S.BrazilMexicoSecuritydataspansmultipleplatforms,soit's

difficultto

gaincontext.Itcoststoo

muchto

captureandretainallthelogsneededfor

effectiveanalysis,sowe

lackacompletepicture.Analysisislabor-intensiveandtime-consuming.56%68%62%46%44%32%36%42%28%38%48%34%Muchofourlogdataisunavailablefor

analyticsondemand,asitisarchived.Dynatrace

2023

CISO

Report|22Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

3:

Modern

development

and

delivery

practices

make

it

difficultto

get

ahead

of

zero-day

vulnerabilitiesU.S.BrazilMexicoCISOssaythetimeittakes

betweenthediscoveryofzero-dayattacksandtheirabilityto

patch

every

instanceisasignificantchallengeto

minimizingrisk.75%72%94%CISOssayit’s

impossibleto

respondto

zero-dayvulnerabilitiesquicklyenoughto

eliminateriskentirely.Organizationshave

acyber-insurancepolicy.60%49%42%97%66%62%58%73%14%98%CISOswhodon’thave

cyber-insurancesaynothavingalltherelevantsecuritycontrolsorsolutionsrequiredto

secureagoodpremiumprevented

themfromtakingoutapolicy.24%CISOssaytheirresponseto

zero-dayvulnerabilitieshaschangedsinceLog4Shell.100%Dynatrace

2023

CISO

Report|23Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

3:

Modern

development

and

delivery

practices

make

it

difficult

to

get

ahead

of

zero-day

vulnerabilitiesTheways

inwhichorganizationalresponseto

zero-dayvulnerabilitieshaschangedinthewake

of

Log4Shellincludethefollowing:U.S.BrazilMexicoAdoptedsolutionsto

bemoreefficientinidentifyingriskexposure56%54%52%Adoptedsolutionsto

bemoreeffectiveinprioritizingvulnerabilitiesfor

teamsto

addressAdoptedsolutionsto

automaticallyresolvevulnerabilitiesassoonastheyare

discoveredAdoptedsolutionsto

automaticallyblockattacksagainstknownvulnerabilities46%42%28%56%32%26%38%36%24%Dynatrace

2023

CISO

Report|24Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

4:

Tool

sprawl

and

team

silos

hinder

DevSecOps

practicesU.S.BrazilMexicoCISOssaydevelopment,operations,andsecurityteamscontinueto

relyontheirownpointsolutionsratherthanintegratedplatforms.66%80%52%CISOssaytheuseofpointsolutionsfor

specificsecuritytaskscreates

challenges.98%72%76%82%94%98%70%90%78%94%100%76%62%72%94%CISOssayteams’individualpreferences

for

pointtoolsreducethebenefitsofDevSecOps.CISOssaytheprevalence

ofteamsilosandpointsolutionsthroughouttheDevSecOpslifecyclemakes

iteasierfor

vulnerabilitiesto

slipintoproduction.CISOssaythereisarealconcerntheywillseemorevulnerabilityexploitsintheirenvironmentiftheydonotfindaway

to

make

DevSecOpsworkmoreeffectively.CISOssayDevSecOpswouldbemoreeffectiveifallteamsworked

fromoneplatformthatwasintrinsicallyintegratedintheirprocess.Dynatrace

2023

CISO

Report|25Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

4:

Tool

sprawl

and

team

silos

hinder

DevSecOps

practicesThetop

challengescreated

usingpointsecuritysolutionsincludethefollowing:U.S.BrazilMexicoTeams

spendsignificanttimecontinuouslytuningandmanagingtoolsto

ensuretheyare

effective.It’s

difficultto

guaranteethatsecuritycontrolsare

appliedcontinuouslyto

allsoftware

assets.Correlatingalertsfromdifferenttoolsislabor-intensive,andthereare

too

manyfalsepositives.53%48%52%46%39%58%38%50%38%Dynatrace

2023

CISO

Report|26Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

5:

DevSecOps

practices

remain

immatureU.S.BrazilMexicoOrganizationshave

amatureDevSecOpsculture.13%10%10%CISOsadmitI

T,

development,andsecurityteamshandleshift-leftandshift-rightsecurityinsilosratherthanasasharedresponsibility.75%66%80%82%90%CISOssayautomationandAIare

criticalfor

asuccessfuldeploymentofDevSecOpsandovercomingresource

challenges.80%Dynatrace

2023

CISO

Report|27Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

5:

DevSecOps

practices

remain

immatureThemostadoptedDevSecOpspracticesincludethefollowing:U.S.BrazilMexicoSecurityispartofourpre-releasegovernanceandqualitygatingprocess.We

have

automatedhandoffsacross

functions—suchasauto-ticket

creation.46%48%44%39%32%25%16%10%38%20%22%8%38%44%34%28%10%We

adhereto

a“You

buildit,you

runit,you

secureit”approach(developmentteamsare

responsiblefor

production,delivery,

andsecurity).We

usesolutionsthatgiveteamssharedvisibilityandasinglesource

oftruth.We

have

asharedprioritizationprocess

to

avoidsiloedthinking.Applicationsecurityisasharedresponsibilityamongdevelopment,security,

andoperations.12%Dynatrace

2023

CISO

Report|28Global

data

summary:

U.S.

and

L

atin

A

mericaChapter

5:

DevSecOps

practices

remain

immatureCISOsidentifiedthetop

threeways

of

makingDevSecOpsmore

effectiveU.S.BrazilMexicoAbilityto

tracktheeffectivenessofandadherenceto

securitygovernanceacross

allteamsAbilityto

access

observabilityandsecurityinsightsthroughoutthelifecycle35%42%18%26%20%14%8%20%30%Increasingtheuseofautomatedhandoffsbetweenteams—suchasauto-ticket

creationDynatrace

2023

CISO

Report|29Global

data

summary:

EuropeSampleincludes

100

respondents

from

each

of

the

U.K.,

France,

Germany,

Spain,

andItaly,

34from

Sweden,and33

from

Norway

andFinland.Chapter

1:

Increased

complexity

makes

cloud

environments

more

difficult

to

secureU.K.FranceGermanySpainItalySwedenNorwayFin