Identifies troubling trends concerning how organizations approach public cloud security
RedLock, the Cloud Threat Defense company, today released a new report based on research from its Cloud Security Intelligence (CSI) team – a group of elite security analysts, data scientists and data engineers. The latest “Cloud Security Trends” report spans research from June through September 2017 and provides a comprehensive view into major threats and vulnerabilities that persist in public cloud computing environments despite cloud service providers’ efforts to educate organizations on shared security responsibilities.
Among key findings in the new report, the RedLock CSI team found that:
Data exposures are on the rise because organizations are failing to adhere to established security best practices. For example, the report found that 53% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) have inadvertently exposed one or more such services to the public (up from 40% in the May “Cloud Infrastructure Security Trends” report). This is after Amazon published a warning on this subject to all of its customers. Moreover, the research also revealed that 48% of PCI checks fail in public cloud computing environments.
Vulnerabilities are being neglected in the cloud because organizations cannot leverage their existing vulnerability management investments, which lack context on constantly changing cloud resources. The RedLock CSI researchers found that 81% of organizations are not managing host vulnerabilities in the cloud, opening up the organization to potential attacks or breaches.
Risky users are flying under the radar. The research team determined that administrative user accounts for public cloud computing environments have potentially been compromised at 38% of organizations. Malicious actors could use these compromised accounts to infiltrate the cloud environments and cause tremendous damage to business operations.
Nefarious network activities are rampant. The RedLock CSI team discovered 37% of databases are accepting inbound connection requests from the internet, and 7% of those are receiving requests from suspicious IP addresses, indicating they’ve been compromised.
Cloud attack kill chains are complex and require a holistic approach to cloud threat defense. The research team found a number of Kubernetes administrative consoles that were not password protected, creating a window of opportunity for hackers. Researchers even found that many of these environments were leaking access credentials for various cloud environments. To make matters worse, some of these environments had already been compromised to mine Bitcoins without the organizations being aware of it.
“In our second Cloud Security Trends report, the RedLock CSI team found that organizations are still falling behind in effectively protecting their public cloud computing environments,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “As we’ve witnessed by recent incidents at organizations such as Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are real and cybercriminals are actively targeting information left unsecured in the public cloud. It’s imperative for every organization to develop an effective and holistic strategy now to protect their public cloud computing environment.”
The mission of the RedLock CSI team, first unveiled in May, is to enable organizations to confidently adopt public cloud computing by researching cloud threats and advising organizations on cloud security best practices. To date, the team has discovered millions of exposed records that contain sensitive data belonging to dozens of organizations ranging from small businesses to Fortune 50 companies.