Inadequate access restrictions, permissive storage policies, and publicly exposed assets are just some of the mistakes companies make when configuring their cloud infrastructure. The scale of the problem is mind-blowing, with 90 percent of organizations vulnerable to security breaches due to cloud misconfiguration. Aqua’s Cloud Security report highlights the most common cloud configuration issues in real production environments.
Exploiting cloud configuration risks
With cloud adoption accelerating at a rapid pace, organizations are overwhelmed with too many configurations to take care of. Even one service will include users, roles, and permissions as well as different default connections with other services that can be turned on or off. Each of those configurations will come with certain consequences for the overall security posture of the organization.
The complexity of the environment is also steadily accelerating – companies are expanding their cloud footprint, going hybrid and multi-cloud, and adopting newly released services.
Over 12 months, our research team analyzed anonymized cloud infrastructure data from real production environments across hundreds of organizations. 2021 Cloud Security Report: Cloud Configuration Risks Exposed Provides insights to help organizations better understand the risks that come with stepping into multi-cloud environments as well as with recommendations on best practices for mitigating them.
So, what are the main findings from the report?
Organizations need to fix security issues faster
Most organizations fail to fix cloud misconfiguration issues in a timely manner. With a growing cloud footprint, it’s easy to identify countless security problems – especially if you’re a large enterprise. In our research, it took small and medium-sized businesses an average of about 75 days to fix or resolve their configuration issues after discovery, compared with an average of 88 days for larger organizations:
Storage misconfiguration is still a big problem
The cloud storage bucket continues to attract a lot of attention due to high-profile breaches that regularly make headlines. Typically, this happens when the administrator managing the service has misconfigured some security settings, leaving it open to the public. Of the environments tested, 82 percent had “open to the Internet” issues, making organizations more susceptible to breaches.
Credential hygiene needs more attention
While malicious actors are constantly re-inventing their techniques to obtain cloud credentials, 74 percent of organizations analyzed are not practicing credential rotation and most of them had at least one problem with unused credentials.
Pervasive cloud misconfiguration issues also affecting Docker containers and Kubernetes
Adversaries are increasingly exploiting vulnerable container-related services to gain early access to your environment.
The report found that more than 40 percent of users had at least one misconfigured Docker application programming interface (API), which took an average of 65 days to recover. On the Kubernetes front, some users were found with ACL or network policy issues. Most of those issues were resolved within an average of 65 days.
Cloud infrastructure is complex and difficult to configure properly, and a single misconfiguration of cloud settings can cause serious problems. The good news is that 84 percent of users reported that they were able to detect and correct misconfiguration issues using one. cloud security currency management Solution, which automates the tracking and fixing of security risks across multiple clouds.
For complete findings and best practices on cloud configuration, download 2021 cloud security report
basically . Published on business reporter
Credit: www.independent.co.uk /