98.6% of organisations have misconfigurations in their cloud environments

According to the 2022 Cloud (In)Security Report 68% of the organisations have external users with admin permissions to the cloud environment, which can lead to governance challenges and an increased risk of data exfiltration and exploits.

  • 1 year ago Posted in

While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere and increase productivity everywhere, the risks around using cloud technology are still slowly being realised and calculated by many organisations as they experience related attacks. That’s according to the Cloud (In)Security research from Zscaler Threatlabz, which analyses cloud workload statistics from over 260 billion daily transactions globally across the Zscaler platform.

 

According to the report 98.6% of organisations have concerning misconfigurations that cause critical risks to data and infrastructure. This stat is alarming because the majority of cyberattacks on public clouds have been revealed to be due to misconfigurations rather than vulnerabilities. Cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, etc., have led to the exposure of billions of records.

 

Beyond misconfigurations and vulnerabilities, compromised accounts make up for 97.1% of organisations who use privileged user access controls without Multi Factor Authentication (MFA) enforcement. Gaining privileged account access to the cloud can enable hackers to bypass detection and launch a myriad of attacks, yet many organisations still don’t properly limit the privileges or access of servicing users and accounts or enforce MFA verification.

 

Additionally, 59.4% of organisations do not apply basic ransomware controls for cloud storage like MFA Delete and versioning. Amazon S3 Versioning enables multiple object variants to be kept in the same bucket so that when a file is modified both copies are saved for future recovery, comparison, and fidelity verification.

These figures show that organisations have to take  responsibility for configuring and maintaining their own cloud environment. While cloud environments are covered under a shared responsibility for security with the service provider, the proper configuration of these environments is the responsibility of every organisation. A cloud security posture management (CSPM) service can help identify misconfigurations, and coupled with cloud infrastructure entitlement management (CIEM), it can be used to identify permission issues and act as a logical progression from long-established identity and access management (IAM) and privilege access management (PAM) solutions built on least-privileged approaches.

TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Node4 to the rescue.
On the morning of September 20, Executive Director of the Board of Huawei and CEO of Huawei Cloud...
Research released recently shows that 67% of IT decision makers favour a hybrid hosting...
New private cloud contract re-affirms HPE GreenLake Cloud as a core pillar of Barclays’ hybrid...
CAS leverages upgraded mission-critical private cloud environment to support cutting-edge,...
Data centres powering the UK economy will be designated as Critical National Infrastructure...