Dark Reading is part of the Informa Tech Division of Informa PLC

Firms Struggle to Secure Multicloud Misconfigurations

Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.

Companies continue to struggle to configure their cloud infrastructure correctly: small and midsize businesses (SMBs) fixed only 40% of the misconfiguration issues found in their environments, on average, and enterprises only 70%, according to a new report from cloud security firm Aqua Security.

The report, based on anonymized data collected by Aqua Security over 12 months, shows that more than half of companies had at least one resource with all ports open to the Internet, yet they fixed only two-thirds of those issues. In addition, more than 82% of companies had at least one instance of cloud storage open to the public; 73% of those issues were fixed, but remediation took an average of more than two months, with enterprises both reporting more issues and taking longer to fix them than SMBs.
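The two exposures in the paragraph above, an inbound rule that opens every port to the Internet and a storage bucket that anyone can read, are the easiest to check mechanically. What follows is an added example, not code from the article or from Aqua Security: it evaluates a hand-constructed inventory in the shape of the AWS EC2 describe-security-groups and S3 get-bucket-policy / get-bucket-acl responses. The group IDs, bucket names and the organisation ID in the Condition are invented.

```python
"""Added example (not from the article): flag security groups that open every
port to any address, and storage buckets readable by everyone.  SAMPLE_GROUPS
and SAMPLE_BUCKETS are constructed to mirror the AWS API response shapes;
swap in real describe-security-groups / get-bucket-policy / get-bucket-acl
output (e.g. from boto3) to run this against a live account."""
import json
from typing import Iterable

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_ACL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def rule_opens_all_ports_to_world(perm: dict) -> bool:
    """True if one IpPermissions entry admits every port from any address.
    IpProtocol '-1' means all protocols and ports (FromPort/ToPort absent);
    tcp or udp with the range 0-65535 is the same exposure spelled out."""
    cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    if not cidrs & WORLD_CIDRS:
        return False
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535


def world_open_groups(groups: Iterable[dict]) -> list[str]:
    """IDs of security groups with at least one all-ports-to-anyone inbound rule."""
    return [g["GroupId"] for g in groups
            if any(rule_opens_all_ports_to_world(p) for p in g.get("IpPermissions", []))]


def statement_is_public(stmt: dict) -> bool:
    """A bucket-policy statement grants anonymous access when it Allows to
    Principal '*' (or {'AWS': '*'}) with no Condition narrowing the caller."""
    if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
        return False
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_buckets(buckets: Iterable[dict]) -> list[str]:
    """Names of buckets whose policy or ACL exposes them to everyone."""
    out = []
    for b in buckets:
        policy = b.get("Policy") or {}
        by_policy = any(statement_is_public(s) for s in policy.get("Statement", []))
        by_acl = any(g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GRANTEES
                     for g in b.get("Grants", []))
        if by_policy or by_acl:
            out.append(b["Name"])
    return out


# Constructed inventory: one HTTPS-only group, two all-ports-open groups
# (one via '-1', one via tcp 0-65535 over IPv6), one internal-only group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "dev-box", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy-all-tcp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "internal", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]
# Constructed buckets: public by policy, public by ACL, and scoped by a Condition.
SAMPLE_BUCKETS = [
    {"Name": "public-assets", "Grants": [], "Policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::public-assets/*"}]}},
    {"Name": "backups", "Policy": None, "Grants": [
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"}]},
    {"Name": "shared-with-partner", "Grants": [], "Policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::shared-with-partner/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-example"}}}]}},
]

if __name__ == "__main__":
    print(json.dumps({"all_ports_open": world_open_groups(SAMPLE_GROUPS),
                      "public_storage": public_buckets(SAMPLE_BUCKETS)}, indent=2))
```

Two caveats a practitioner should keep in mind before acting on the output. Statements with any Condition are treated as non-public to avoid false positives, but a Condition such as aws:SecureTransport still leaves a bucket world-readable, so those deserve a manual look. The check also does not consult account-level S3 Block Public Access or whether a flagged security group is attached to anything, so its output is a list of candidates for the triage process discussed later in the article, not confirmed exposures.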


The data demonstrates that companies face significant challenges in correctly configuring their cloud environments, undermining the security of their cloud infrastructure, says Ehud Amiri, senior director of product management at Aqua Security.

"The success and massive adoption of cloud and cloud native approaches [has] created the perfect storm," he says. "Cloud native is about componentizing the application. ... This is great for innovation and development velocity, but it comes with a price of a new and wider attack surface."

Overall, large enterprises typically had more issues and required longer to remediate them compared with SMBs, the report states. Yet the larger companies fixed a greater portion of their total issues overall. SMBs typically scanned up to hundreds of cloud resources, while enterprises scanned from hundreds to more than 100,000 resources.

The complexity of cloud and multicloud infrastructure is leaving companies, and their applications and data, open to compromise. Almost 80% of companies suffered a cloud data breach in the past 18 months, according to a survey conducted by IDC in June 2020. Two-thirds of businesses identified security misconfigurations as a top concern, while a lack of visibility into cloud activity and access concerned 64% of companies, according to the IDC survey.

Even as companies accelerate their move to the cloud, most report more, not fewer, concerns about the security of that infrastructure, according to a recent survey.

"This complexity, in single or multi-cloud environments, often leads to service configuration issues that can unnecessarily expose organizations to threats — and the 'blast radius' of damage resulting from misconfigurations can be much greater than for the traditional OS or on-premises workloads," the Aqua Security report states.

Among the major misconfiguration issues for cloud infrastructure is missing encryption. Almost three-quarters of businesses had unencrypted cloud services, 30% had unencrypted databases, and 39% were transmitting data in plaintext rather than over encrypted connections, according to the report. These issues took more than three months to fix, on average.

Docker containers also became a significant security risk for companies. Starting at the beginning of 2020, the volume of attacks targeting containers dramatically increased, the report states. Almost 41% of companies had a misconfigured Docker API, and 35% of companies had a permissive Kubernetes network policy. 
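The two container findings above can be checked from configuration alone. The following is an added example, not code from the article or from Aqua Security. It flags a Docker daemon whose remote API listens on TCP without TLS client verification (the `hosts` / `tlsverify` keys of daemon.json) and Kubernetes namespaces whose NetworkPolicy set is permissive: no default-deny ingress policy, or an ingress rule that admits any source. The daemon.json documents, policy objects and namespace names are constructed for the example.

```python
"""Added example (not from the article): configuration checks for an exposed
Docker remote API and permissive Kubernetes NetworkPolicies.  Inputs are
constructed: two daemon.json documents and NetworkPolicy objects in the shape
of the items returned by `kubectl get networkpolicy -A -o json`."""
import json
from typing import Iterable

WORLD = ("0.0.0.0/0", "::/0")


def docker_api_exposure(daemon_json: str) -> list[str]:
    """Flag tcp:// listeners in dockerd's `hosts` unless `tlsverify` is set.
    `tls: true` alone only encrypts the channel; without client-certificate
    verification any client that can reach the port can start a container
    with a host mount, which is root on the host."""
    cfg = json.loads(daemon_json)
    return [f"{h}: remote API without TLS client verification"
            for h in cfg.get("hosts", [])
            if h.startswith("tcp://") and not cfg.get("tlsverify", False)]


def _policy_types(spec: dict) -> list[str]:
    """Kubernetes default: Ingress is always covered; Egress only if egress rules exist."""
    return spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])


def _selects_all_pods(spec: dict) -> bool:
    return spec.get("podSelector", {}) in ({}, {"matchLabels": {}})


def _rule_admits_any_source(rule: dict) -> bool:
    """An ingress rule with no `from` list admits every source; an ipBlock of
    0.0.0.0/0 (or ::/0) says the same explicitly."""
    peers = rule.get("from")
    if not peers:
        return True
    return any(p.get("ipBlock", {}).get("cidr") in WORLD for p in peers)


def netpol_findings(policies: Iterable[dict], namespaces: Iterable[str]) -> dict[str, list[str]]:
    """Per namespace: report ingress rules that admit any source and the
    absence of a default-deny ingress policy (selects all pods, covers
    Ingress, carries no ingress rules).  Pods selected by no policy accept
    all traffic, so a namespace with no default-deny is itself a finding."""
    by_ns: dict[str, list[dict]] = {ns: [] for ns in namespaces}
    for p in policies:
        by_ns.setdefault(p["metadata"]["namespace"], []).append(p)
    findings = {}
    for ns, pols in by_ns.items():
        notes, default_deny = [], False
        for p in pols:
            spec = p["spec"]
            if "Ingress" not in _policy_types(spec):
                continue  # egress-only policy; any ingress stanza is not applied
            if _selects_all_pods(spec) and not spec.get("ingress"):
                default_deny = True
            for rule in spec.get("ingress") or []:
                if _rule_admits_any_source(rule):
                    notes.append(f"{p['metadata']['name']}: ingress rule admits any source")
        if not default_deny:
            notes.append("no default-deny ingress policy; unselected pods accept all traffic")
        if notes:
            findings[ns] = notes
    return findings


# Constructed daemon.json documents: the weak form and its corrected form.
DAEMON_JSON_WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
DAEMON_JSON_FIXED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"})

# Constructed policies: 'prod' is locked down, 'dev' is permissive two ways.
SAMPLE_POLICIES = [
    {"metadata": {"name": "default-deny", "namespace": "prod"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "allow-web-from-lb", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "lb"}}}],
                           "ports": [{"port": 8080}]}]}},
    {"metadata": {"name": "allow-all", "namespace": "dev"},
     "spec": {"podSelector": {}, "ingress": [{}]}},
    {"metadata": {"name": "db-open", "namespace": "dev"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "ingress": [{"from": [{"ipBlock": {"cidr": "0.0.0.0/0"}}]}]}},
]

if __name__ == "__main__":
    print(docker_api_exposure(DAEMON_JSON_WEAK), docker_api_exposure(DAEMON_JSON_FIXED))
    print(json.dumps(netpol_findings(SAMPLE_POLICIES, ["prod", "dev", "staging"]), indent=2))
```

The Docker check reads only daemon.json; on systemd hosts the same `-H tcp://...` flag may instead sit in the unit's ExecStart, so check both. The NetworkPolicy check is conservative in one direction: it reports a namespace as permissive whenever no default-deny exists, even if every pod happens to be selected by some other policy, because that state does not survive the next deployment that adds an unselected pod.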

"Cyberattacks against cloud native environments often target and exploit vulnerable hosts," the report says. "The main threat posed by these attacks is crypto mining, a process that methodically siphons resources from unsuspecting victims — resources that would otherwise be used to support your business objectives."

The first step for companies, Amiri says, should be to verify their cloud configurations and determine whether they have a problem, which requires continuous insight into the state of the cloud infrastructure rather than a one-time review.

"The most critical issue is the lack of detailed visibility and lack of understanding the context," he says. "And indeed, we see many organizations starting by leveraging tools to discover and analyze the context of configuration issues."

Companies of any size should also create a formal process for tracking and fixing security issues, Aqua Security says, and access-control policies should be applied per container rather than as a single policy spread across multiple instances.

"Without a good process, it’s easy to be overwhelmed by the endless number of security issues being identified," the report states. "Since smaller organizations usually have fewer monitored cloud resources, their security practitioners often have fewer issues to fix, but organizations of any size could benefit from an improved triage method."
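The tracking process the report calls for comes down to a ledger of findings and a way to order them. As an added example, not code or data from the article or from Aqua Security, the block below keeps such a ledger and computes the two figures the article quotes (share of issues fixed, time to remediate) together with a severity-first triage queue and a list of findings past their remediation target. The findings, severity labels, SLA days and reference date are all constructed.

```python
"""Added example (not from the article): a minimal findings ledger with the
remediation metrics the report measures and a severity-first triage queue.
SLA_DAYS, the severity labels, the findings and TODAY are assumptions."""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Iterable, Optional

# Assumed remediation targets per severity, in days (not Aqua's figures).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {s: i for i, s in enumerate(SLA_DAYS)}  # critical sorts first


@dataclass(frozen=True)
class Finding:
    fid: str
    check: str            # which misconfiguration check raised it
    severity: str
    resource: str
    opened: date
    closed: Optional[date] = None

    def days_open(self, today: date) -> int:
        """Age of the finding: to closure if closed, else to `today`."""
        return ((self.closed or today) - self.opened).days


def fix_rate(findings: Iterable[Finding]) -> float:
    """Share of all findings that have been closed (the report's 40% / 70%)."""
    fs = list(findings)
    return round(sum(f.closed is not None for f in fs) / len(fs), 2) if fs else 0.0


def mean_time_to_remediate(findings: Iterable[Finding]) -> float:
    """Average days from open to close, over closed findings only."""
    closed = [f for f in findings if f.closed is not None]
    return round(mean(f.days_open(f.closed) for f in closed), 1) if closed else 0.0


def triage_queue(findings: Iterable[Finding], today: date) -> list[tuple[str, int]]:
    """Open findings as (id, days past SLA), most severe first, then oldest.
    The second value is negative while the SLA clock is still running."""
    open_ = [f for f in findings if f.closed is None]
    open_.sort(key=lambda f: (SEVERITY_RANK[f.severity], -f.days_open(today)))
    return [(f.fid, f.days_open(today) - SLA_DAYS[f.severity]) for f in open_]


def sla_breaches(findings: Iterable[Finding], today: date) -> list[str]:
    """IDs of open findings that have exceeded their severity's SLA."""
    return [fid for fid, overdue in triage_queue(findings, today) if overdue > 0]


TODAY = date(2021, 7, 1)  # constructed reference date
LEDGER = [  # constructed findings; check names refer to the checks above
    Finding("F-1", "sg-all-ports-open", "critical", "sg-0bbb", date(2021, 4, 1), date(2021, 4, 3)),
    Finding("F-2", "bucket-public", "critical", "backups", date(2021, 3, 15)),
    Finding("F-3", "db-unencrypted", "high", "rds-orders", date(2021, 2, 1), date(2021, 5, 10)),
    Finding("F-4", "docker-api-no-tls", "critical", "build-host-3", date(2021, 6, 28)),
    Finding("F-5", "k8s-permissive-netpol", "high", "dev/allow-all", date(2021, 5, 1)),
    Finding("F-6", "plaintext-in-transit", "medium", "lb-legacy", date(2021, 1, 20)),
]

if __name__ == "__main__":
    print("fix rate:", fix_rate(LEDGER))
    print("mean days to remediate:", mean_time_to_remediate(LEDGER))
    print("queue:", triage_queue(LEDGER, TODAY))
    print("past SLA:", sla_breaches(LEDGER, TODAY))
```

The ordering is deliberate: a fresh critical finding (F-4, three days old) is worked before a medium finding that is months past its target (F-6), because the queue ranks by exposure first and age second; the breach list is what a weekly review should look at so that old medium findings do not sit forever behind a stream of new criticals.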

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
