Infrastructure-as-a-service (IaaS) is the fastest-growing cloud segment, but IaaS misconfigurations frequently go unnoticed and put organizations at risk of data breaches, according to the "Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk Report" from McAfee.
Key findings from the McAfee report included:
- 99 percent of IaaS misconfigurations go undetected.
- 90 percent of companies have experienced an IaaS security issue.
- 74 percent of companies are not equipped to audit for IaaS misconfigurations.
On average, companies experience close to 3,500 IaaS misconfiguration incidents per month, the McAfee report showed. With the right approach to IaaS, businesses can identify and address IaaS misconfigurations before they lead to data breaches.
How to Prevent IaaS Misconfigurations
McAfee offered the following recommendations to help businesses prevent IaaS misconfigurations:
- Build IaaS configuration auditing into the continuous integration/continuous deployment (CI/CD) process. Security tools that integrate with application and software development tools enable businesses to automate the IaaS configuration audit and correction process.
- Evaluate IaaS security protocols. Businesses can assess IaaS security controls against the entire attack chain to identify potential security gaps.
- Leverage cloud security tools and training. Cloud security tools and training provide employees with insights into cloud infrastructure so they can take the necessary steps to secure public cloud environments against cyberattacks.
Research shows that companies that secure cloud infrastructure with cloud-native security tools increase their use of the cloud and the benefits they gain from it, McAfee noted. As such, these businesses are well-equipped to address security with tools built for the cloud.