98.6% of organisations have misconfigurations in their cloud environments

According to the 2022 Cloud (In)Security Report 68% of the organisations have external users with admin permissions to the cloud environment, which can lead to governance challenges and an increased risk of data exfiltration and exploits.

  • 1 year ago Posted in

While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere and increase productivity everywhere, the risks around using cloud technology are still slowly being realised and calculated by many organisations as they experience related attacks. That’s according to the Cloud (In)Security research from Zscaler Threatlabz, which analyses cloud workload statistics from over 260 billion daily transactions globally across the Zscaler platform.

 

According to the report 98.6% of organisations have concerning misconfigurations that cause critical risks to data and infrastructure. This stat is alarming because the majority of cyberattacks on public clouds have been revealed to be due to misconfigurations rather than vulnerabilities. Cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, etc., have led to the exposure of billions of records.

 

Beyond misconfigurations and vulnerabilities, compromised accounts make up for 97.1% of organisations who use privileged user access controls without Multi Factor Authentication (MFA) enforcement. Gaining privileged account access to the cloud can enable hackers to bypass detection and launch a myriad of attacks, yet many organisations still don’t properly limit the privileges or access of servicing users and accounts or enforce MFA verification.

 

Additionally, 59.4% of organisations do not apply basic ransomware controls for cloud storage like MFA Delete and versioning. Amazon S3 Versioning enables multiple object variants to be kept in the same bucket so that when a file is modified both copies are saved for future recovery, comparison, and fidelity verification.

These figures show that organisations have to take  responsibility for configuring and maintaining their own cloud environment. While cloud environments are covered under a shared responsibility for security with the service provider, the proper configuration of these environments is the responsibility of every organisation. A cloud security posture management (CSPM) service can help identify misconfigurations, and coupled with cloud infrastructure entitlement management (CIEM), it can be used to identify permission issues and act as a logical progression from long-established identity and access management (IAM) and privilege access management (PAM) solutions built on least-privileged approaches.

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
IONOS, a leading European digitalisation partner for small and medium-sized businesses (SMBs) and...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...
Talent and training partner, mthree, which supports major global tech, banking, and business...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...