Firms Struggle to Secure Multicloud Misconfigurations

Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.

Companies continue to struggle to correctly configure their cloud infrastructure, with small and midsize businesses (SMBs) fixing only an average of 40% of misconfiguration issues and enterprises fixing 70% of such issues, according to a new report from cloud security firm Aqua Security.

The report, based on anonymized data collected by Aqua Security over 12 months, shows that more than half of companies had ports open to the Internet, but they fixed only two-thirds of the misconfiguration issues. In addition, more than 82% of companies had an instance where their cloud storage was open to the public, and while 73% fixed the issues, it took an average of over two months to do so, with enterprises reporting more issues and taking longer to remediate them compared with SMBs.

The data demonstrates that companies face significant challenges in correctly configuring their cloud environments, undermining the security of their cloud infrastructure, says Ehud Amiri, senior director of product management at Aqua Security.

"The success and massive adoption of cloud and cloud native approaches [has] created the perfect storm," he says. "Cloud native is about componentizing the application. ... This is great for innovation and development velocity, but it comes with a price of a new and wider attack surface."

Overall, large enterprises typically had more issues and required longer to remediate them compared with SMBs, the report states. Yet the larger companies fixed a greater portion of their total issues overall. SMBs typically scanned up to hundreds of cloud resources, while enterprises scanned from hundreds to more than 100,000 resources.

The complexity of cloud and multicloud infrastructures is leaving companies, and their applications and data, open to compromise. Almost 80% of companies have suffered from a cloud data breach in the past 18 months, according to a survey conducted by IDC in June 2020. Two-thirds of businesses identified security misconfigurations as a top concern, while a lack of visibility into cloud activity and access concerned 64% of companies, according to the IDC survey.

While companies have accelerated their move to the cloud, the majority have more concerns regarding the security of their infrastructure, according to a recent survey.

"This complexity, in single or multi-cloud environments, often leads to service configuration issues that can unnecessarily expose organizations to threats — and the 'blast radius' of damage resulting from misconfigurations can be much greater than for the traditional OS or on-premises workloads," the Aqua Security report states.

Among the major misconfiguration issues for cloud infrastructure: data encryption. Almost three-quarters of businesses had unencrypted cloud services, while 30% had unencrypted databases and 39% had plaintext data in their traffic, according to the report. The issues took more than three months to fix, on average.

Docker containers also became a significant security risk for companies. Starting at the beginning of 2020, the volume of attacks targeting containers dramatically increased, the report states. Almost 41% of companies had a misconfigured Docker API, and 35% of companies had a permissive Kubernetes network policy. 

"Cyberattacks against cloud native environments often target and exploit vulnerable hosts," the report says. "The main threat posed by these attacks is crypto mining, a process that methodically siphons resources from unsuspecting victims — resources that would otherwise be used to support your business objectives."

The first step for companies should be to verify their cloud configurations and determine whether they have a problem by finding some way to gain continuous insight into the state of the cloud infrastructure, says Amiri.

"The most critical issue is the lack of detailed visibility and lack of understanding the context," he says. "And indeed, we see many organizations starting by leveraging tools to discover and analyze the context of configuration issues."

Companies of any size should also create a formal process for tracking and fixing security issues, Aqua Security says. Access-control policies, meanwhile, should be applied on a per-container basis rather than as a single policy applied to multiple instances.

"Without a good process, it’s easy to be overwhelmed by the endless number of security issues being identified," the report states. "Since smaller organizations usually have fewer monitored cloud resources, their security practitioners often have fewer issues to fix, but organizations of any size could benefit from an improved triage method."
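As an added illustration (not code from the Aqua Security report or from the original article), the sketch below audits a firewall-rule inventory for the misconfigurations the report highlights: all ports open to the public, an exposed database, and an exposed Docker API. It returns the findings worst-first for triage. The rule format, resource names and port list are assumptions made for the example.

```python
import ipaddress

# Assumed default ports (not from the report): common databases and the
# plaintext Docker daemon API.
SENSITIVE_PORTS = {
    1433: "SQL Server", 3306: "MySQL", 5432: "PostgreSQL",
    6379: "Redis", 27017: "MongoDB", 2375: "Docker API (plaintext)",
}

def is_public(cidr):
    """True when the source range covers the whole IPv4 or IPv6 Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(rules):
    """Return findings as (severity, resource, message), worst first."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or not is_public(r["source"]):
            continue  # only publicly reachable allow rules matter here
        lo, hi = r["ports"]
        if lo <= 1 and hi >= 65535:
            findings.append((3, r["resource"], "all ports open to the public"))
            continue  # the per-port findings below would be redundant
        for port, name in sorted(SENSITIVE_PORTS.items()):
            if lo <= port <= hi:  # a wide range can hide a sensitive port
                findings.append(
                    (2, r["resource"], f"{name} port {port} open to the public"))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))

# Constructed sample inventory (hypothetical resource names).
SAMPLE_RULES = [
    {"resource": "web-sg", "action": "allow", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"resource": "legacy-sg", "action": "allow", "source": "0.0.0.0/0", "ports": (0, 65535)},
    {"resource": "db-sg", "action": "allow", "source": "::/0", "ports": (5432, 5432)},
    {"resource": "db-internal", "action": "allow", "source": "10.0.0.0/8", "ports": (5432, 5432)},
    {"resource": "build-host", "action": "allow", "source": "0.0.0.0/0", "ports": (2000, 3000)},
]

if __name__ == "__main__":
    for sev, res, msg in audit(SAMPLE_RULES):
        print(f"[sev {sev}] {res}: {msg}")
```

Run on a schedule against an exported rule inventory, the same check gives the kind of continuous view of configuration state that Amiri describes as the first step.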

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
