98.6% of organisations have misconfigurations in their cloud environments

According to the 2022 Cloud (In)Security Report 68% of the organisations have external users with admin permissions to the cloud environment, which can lead to governance challenges and an increased risk of data exfiltration and exploits.

  • 1 year ago Posted in

While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere and increase productivity everywhere, the risks around using cloud technology are still slowly being realised and calculated by many organisations as they experience related attacks. That’s according to the Cloud (In)Security research from Zscaler Threatlabz, which analyses cloud workload statistics from over 260 billion daily transactions globally across the Zscaler platform.

 

According to the report 98.6% of organisations have concerning misconfigurations that cause critical risks to data and infrastructure. This stat is alarming because the majority of cyberattacks on public clouds have been revealed to be due to misconfigurations rather than vulnerabilities. Cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, etc., have led to the exposure of billions of records.

 

Beyond misconfigurations and vulnerabilities, compromised accounts make up for 97.1% of organisations who use privileged user access controls without Multi Factor Authentication (MFA) enforcement. Gaining privileged account access to the cloud can enable hackers to bypass detection and launch a myriad of attacks, yet many organisations still don’t properly limit the privileges or access of servicing users and accounts or enforce MFA verification.

 

Additionally, 59.4% of organisations do not apply basic ransomware controls for cloud storage like MFA Delete and versioning. Amazon S3 Versioning enables multiple object variants to be kept in the same bucket so that when a file is modified both copies are saved for future recovery, comparison, and fidelity verification.

These figures show that organisations have to take  responsibility for configuring and maintaining their own cloud environment. While cloud environments are covered under a shared responsibility for security with the service provider, the proper configuration of these environments is the responsibility of every organisation. A cloud security posture management (CSPM) service can help identify misconfigurations, and coupled with cloud infrastructure entitlement management (CIEM), it can be used to identify permission issues and act as a logical progression from long-established identity and access management (IAM) and privilege access management (PAM) solutions built on least-privileged approaches.

West Midlands Trains is owned by Transport UK. Operating London Northwestern Railway and West...
Wipro has completed the migration of ManpowerGroup's (NYSE: MAN) largest data centre in Europe to...
OVHcloud is opening of its first two public cloud ‘Local Zones’ with one site located in...
OVHcloud has released its executive report on the state of multi-cloud, examining the views of over...
SAP has introduced a comprehensive set of resources, services, and financial incentives to help...
According to a recent study by Citrix, 25% of organisations surveyed in the UK have already moved...
Machine learning and AI for the optimisation of cloud resources.
CMC Networks and ConnectiviTree (Europe) have signed a Co-Operation Agreement.