Security misconfigurations — not infrastructure vulnerabilities — are the most common cause of successful public cloud attacks, according to research from cloud security company Zscaler.
Key findings from Zscaler's analysis of Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform workloads included:
- 92 percent of organizations do not log access to cloud storage.
- 63 percent do not use multi-factor authentication (MFA) for cloud access.
- 50 percent do not rotate their access keys periodically.
- 26 percent of workloads expose Secure Shell (SSH) ports to the Internet.
- 20 percent of workloads expose Remote Desktop Protocol (RDP) to the Internet.
Zscaler also detailed common cloud security problems among global organizations, including:
- Inadequate Logging and Monitoring: AWS CloudTrail, Azure Monitor and other tools are available that allow organizations to log and monitor activities across their cloud environments, but organizations often do not use these tools or maintain their logging beyond 90 days.
- Excessive User Permissions: Organizations frequently use hard-coded access keys in lieu of MFA and do not rotate these keys regularly.
- Poor Storage and Encryption: Cloud misconfigurations relating to loose access policies, a lack of encryption and other storage issues can result in publicly exposed cloud storage buckets.
Public cloud use is growing globally, Zscaler noted. If organizations configure their public cloud environments properly, they can minimize the risk of security incidents across these environments.
Tips to Avoid Public Cloud Security Misconfigurations
Approximately 99 percent of public cloud infrastructure-as-a-service (IaaS) misconfigurations go undetected, according to McAfee. However, there are several things that organizations can do to prevent these misconfigurations, such as:
- Use security tools that integrate with application and software development tools to automate the IaaS configuration audit and correction process
- Evaluate IaaS security controls against the entire attack chain to identify potential security gaps
- Provide employees with cloud security tools and training, so they can secure public cloud environments against cyberattacks
In addition, cloud-native security tools can help organizations guard against public cloud IaaS misconfigurations, McAfee indicated. Organizations can use these tools to secure their cloud environments against misconfigurations and other issues that can lead to data breaches.
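As an illustration of the automated configuration audit recommended above, the following added example (not code from Zscaler, McAfee or any vendor tool) checks a configuration snapshot for the misconfigurations listed in Zscaler's findings. The snapshot layout and field names are hypothetical, the sample data is constructed, and the 90-day key rotation threshold is an assumed policy.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network
MAX_KEY_AGE = timedelta(days=90)           # assumed rotation policy, not from the article
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}     # remote administration ports named in the findings

def open_to_internet(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. any network with prefix length 0."""
    return ip_network(cidr, strict=False).prefixlen == 0

def audit(snapshot, now):
    """Return sorted (check, resource) findings for a configuration snapshot."""
    findings = []
    for b in snapshot["buckets"]:
        if not b.get("access_logging"):
            findings.append(("storage-access-not-logged", b["name"]))
    for u in snapshot["users"]:
        if not u.get("mfa_enabled"):
            findings.append(("mfa-disabled", u["name"]))
        for k in u.get("access_keys", []):
            created = datetime.fromisoformat(k["created"])
            if k["active"] and now - created > MAX_KEY_AGE:
                findings.append(("access-key-not-rotated", f'{u["name"]}/{k["id"]}'))
    for g in snapshot["firewall_groups"]:
        # Only rules whose source is the whole Internet matter for exposure.
        for r in (r for r in g["ingress"] if open_to_internet(r["cidr"])):
            for port, proto in ADMIN_PORTS.items():
                if r["from_port"] <= port <= r["to_port"]:   # port ranges count too
                    findings.append((f"{proto}-exposed-to-internet", g["name"]))
    return sorted(set(findings))

# Constructed sample snapshot; every name and value below is made up.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "buckets": [
        {"name": "example-logs", "access_logging": True},
        {"name": "example-exports", "access_logging": False}],
    "users": [
        {"name": "alice", "mfa_enabled": True, "access_keys": [
            {"id": "KEY-EXAMPLE-1", "created": "2024-05-20T00:00:00+00:00", "active": True}]},
        {"name": "build-bot", "mfa_enabled": False, "access_keys": [
            {"id": "KEY-EXAMPLE-2", "created": "2023-11-01T00:00:00+00:00", "active": True}]}],
    "firewall_groups": [
        {"name": "web", "ingress": [{"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443}]},
        {"name": "legacy-admin", "ingress": [{"cidr": "0.0.0.0/0", "from_port": 0, "to_port": 65535}]},
        {"name": "bastion", "ingress": [{"cidr": "203.0.113.0/24", "from_port": 22, "to_port": 22}]}],
}
if __name__ == "__main__":
    for check, resource in audit(SAMPLE, NOW):
        print(f"{check:28} {resource}")
```

The "legacy-admin" group is flagged for both SSH and RDP because its rule is a full port range open to 0.0.0.0/0, a case that a check for the literal port numbers alone would miss.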