Fears about the security and privacy of data stored in the cloud seem to have decreased somewhat over the years, perhaps because organizations have become more comfortable with the idea of entrusting service providers with their digital assets.
When it comes to security and the public cloud, however, organizations still have a lot to be concerned about, according to recent research.
For example, a report by RedLock shows that data breaches in the cloud will continue to rise, and identifies troubling trends concerning how organizations are approaching public cloud security. The study is based on research from the company’s Cloud Security Intelligence (CSI) team, which it describes as a group of elite security analysts, data scientists, and data engineers.
The study, “Cloud Security Trends,” spans research conducted from June through September 2017. The data is based on analysis across the company’s customer environments, which it said comprise more than five million resources processing petabytes of network traffic. The team also actively probed the Internet for vulnerabilities in public cloud computing environments.
Among the key findings were that data exposures are on the rise because organizations are failing to adhere to established security best practices.
For example, the report found that 53% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) have inadvertently exposed one or more of these services to the public. That’s up from 40% in a similar study RedLock conducted in May 2017. This comes after Amazon published a warning on this topic to all of its customers, the report said.
Organizations can’t rely on security awareness training for users to avoid these kinds of mistakes, the researchers said. They need to have proactive configuration monitoring in place to detect issues as soon as they arise.
The team assessed the overall compliance posture of public cloud computing environments against industry standards such as the CIS Foundations and the PCI data security standard. On average, organizations fail 45% of CIS checks, and 46% of the violations were high severity issues such as network configurations that allow inbound SSH connections from the Internet. By comparison, organizations fail 48% of PCI checks, and 19% of the violations were high severity issues such as databases not being encrypted.
Vulnerabilities are being neglected in the cloud because organizations are not able to leverage their existing vulnerability management investments, which lack context on constantly changing cloud resources. The researchers found that 81% of organizations are not managing host vulnerabilities in the cloud, opening them up to potential attacks or breaches.
Another problem is that risky users of public cloud services are “flying under the radar,” according to the report. The research team determined that administrative user accounts for public cloud computing environments have potentially been compromised at more than one third (38%) of organizations. Malicious actors could use these compromised accounts to infiltrate the cloud environments and cause tremendous damage to business operations.
Meanwhile, nefarious network activities are rampant, the study said. The research team discovered that 37% of databases are accepting inbound connection requests from the Internet, and 7% of those are receiving requests from suspicious IP addresses, indicating that they have been compromised.
Cloud attack “kill chains” are complex, the report noted, and require a holistic approach to cloud threat defense. The research team found a number of Kubernetes administrative consoles that were not password protected, creating a window of opportunity for hackers. It even found that many of these environments were leaking access credentials for various cloud environments.
To make matters worse, the report said, some of these environments had already been compromised to mine Bitcoin, and the organizations were completely unaware of it.
Overall, organizations are still falling behind in effectively protecting their public cloud computing environments, said Gaurav Kumar, CTO of RedLock and head of the CSI team.
As witnessed by recent incidents at organizations such as Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are real and cyber criminals are actively targeting information left unsecured in the public cloud, Kumar said. It’s imperative for every organization to develop an effective and holistic strategy now to protect their public cloud computing environment, he said.
The report provided a number of best-practice tips to help organizations prevent security breaches in the public cloud. These include:
- Automatically discovering resources as they are created in public cloud computing environments.
- Monitoring configurations to ensure that they adhere to industry standards such as CIS and PCI.
- Considering auto-remediation workflows to immediately resolve issues.
- Continuously ingesting third-party vulnerability feeds into a cloud security monitoring solution to have centralized visibility with cloud-specific context.
- Correlating vulnerability data with cloud configuration and network traffic data to identify the riskiest assets, and determine whether the vulnerabilities are actually exploitable from the internet.
- Automatically classifying workloads to establish criticality of the host, and prioritize remediation accordingly.
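
The following Python example is added here for illustration and is not taken from the RedLock report. It runs the configuration checks the article names (public storage, SSH open to the Internet, Internet-facing and unencrypted databases) over an inventory, then correlates the findings with a vulnerability feed and workload criticality to rank remediation. The inventory schema, port list, weights and sample data are all constructed assumptions, not any provider's API.

```python
from ipaddress import ip_network

# Constructed inventory in a hypothetical, provider-neutral schema (not a real cloud API).
INVENTORY = [
    {"id": "bucket-logs", "type": "bucket", "public_read": True, "criticality": "low"},
    {"id": "web-1", "type": "host", "criticality": "high",
     "inbound": [{"cidr": "0.0.0.0/0", "from": 22, "to": 22}]},
    {"id": "batch-1", "type": "host", "criticality": "low",
     "inbound": [{"cidr": "10.0.0.0/8", "from": 22, "to": 22}]},
    {"id": "orders-db", "type": "database", "encrypted": False, "criticality": "high",
     "inbound": [{"cidr": "0.0.0.0/0", "from": 0, "to": 65535}]},
]
# Constructed vulnerability feed: resource id -> highest CVSS score reported for it.
VULN_FEED = {"web-1": 9.8, "batch-1": 9.8, "orders-db": 5.3}
DB_PORTS = {1433, 3306, 5432, 27017}  # assumed set of database listener ports
WEIGHT = {"low": 1, "high": 2}        # assumed criticality weights

def open_to_internet(resource, ports):
    """True if an inbound rule admits any of `ports` from every address."""
    return any(
        ip_network(rule["cidr"]).prefixlen == 0
        and any(rule["from"] <= p <= rule["to"] for p in ports)
        for rule in resource.get("inbound", [])
    )

def config_findings(r):
    """Configuration checks for the exposures the report names."""
    found = []
    if r["type"] == "bucket" and r.get("public_read"):
        found.append("public-storage")
    if r["type"] == "host" and open_to_internet(r, {22}):
        found.append("ssh-from-internet")
    if r["type"] == "database":
        if open_to_internet(r, DB_PORTS):
            found.append("db-from-internet")
        if not r.get("encrypted", False):
            found.append("db-unencrypted")
    return found

def prioritize(inventory, vuln_feed):
    """Rank resources: CVSS counts double when reachable from the Internet,
    then scales with workload criticality; each config finding adds 5."""
    ranked = []
    for r in inventory:
        findings = config_findings(r)
        exposed = any(f != "db-unencrypted" for f in findings)
        score = vuln_feed.get(r["id"], 0.0) * (2 if exposed else 1)
        score = score * WEIGHT[r["criticality"]] + 5 * len(findings)
        ranked.append((round(score, 1), r["id"], findings))
    return sorted(ranked, reverse=True)
```

In the sample data `web-1` and `batch-1` carry the same CVSS score, but only `web-1` is reachable from the Internet and marked critical, so it ranks first while `batch-1` falls well behind.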