Cloud security professionals across the globe are concerned about the security of their cloud environments as several organizations are working remotely since the pandemic hit. The prevention of cloud misconfigurations remains a challenge for organizations that are swiftly adopting new access policies, networks, and devices used for managing cloud infrastructure remotely.
A survey “State of DevSecOps,” from Accurics revealed that misconfigured cloud storage services in 93% of cloud deployments led to over 200 breaches in the past two years, exposing more than 30 billion records. It also stressed that cloud data breaches are expected to increase in both velocity and scale. Around 91% of the cloud deployments evaluated had at least one major data breach and one in two (50%) deployments had unprotected credentials stored in container configuration files.
Other Key Findings include:
- Misconfigured cloud storage services are commonplace in a stunning 93% of the cloud deployments analyzed, and most also have at least one network exposure where a security group is left wide open.
- One emerging problem area is that despite the broad availability of tools, hardcoded private keys turned up in 72% of the deployments analyzed. Specifically, unprotected credentials stored in container configuration files were found in half of these deployments, which is an issue given that 84% of organizations use containers.
- Around 41% of the organizations had high privileges associated with the hardcoded keys and were used to provision compute resources; any breach involving these would expose all associated resources. Hardcoded keys have contributed to a number of cloud breaches.
- Network exposures resulting from misconfigured routing rules posed the greatest risk to all organizations. In 100% of deployments, an altered routing rule exposed a private subnet containing sensitive resources like databases, to the internet.
- Automated detection of risks paired with a manual approach to resolution is creating alert fatigue, and only 6% of issues are being addressed. An emerging practice known as Remediation as Code, in which the code to resolve the issue is automatically generated, is enabling organizations to address 80% of risks.
Accurics advised organizations to implement certain security practices like encrypting databases, rotating access keys, and implementing multi-factor authentication for enhanced cloud security.
The adoption of cloud native infrastructure such as containers, serverless, and service mesh is fueling innovation, misconfigurations are becoming commonplace and creating serious risk exposure for organizations. As cloud infrastructure becomes increasingly programmable, we believe that the most effective defense is to codify security into development pipelines and enforce it throughout the lifecycle of the infrastructure. The receptiveness of the developer community toward assuming more security responsibility has been encouraging and a step in the right direction
– Om Moolchandani, Accurics Co-founder & CTO
Misconfigurations Increase the Risks
A similar survey, “The State of Cloud Security 2020,” revealed that inadvertent database exposure continues to be a major risk for organizations, with misconfigurations exploited in 66% of reported attacks. Besides, 33% of organizations reported that attackers gained access through stolen cloud provider account credentials. A quarter of organizations stated that managing access to cloud accounts is a primary concern to them. Nearly 96% of respondents admitted that they face issues with their current level of cloud security, while 44% of respondents reported data breaches are the top security concern. Only one in four respondents stated lack of staff expertise as a top concern.