Insufficient access restrictions, permissive storage policies, and publicly exposed assets are only a few of the mistakes companies make when configuring their cloud infrastructure. The scale of the problem is mind-blowing, with 90% of organizations being vulnerable to security breaches due to cloud misconfigurations. Aqua’s Cloud Security Report sheds light on the most common cloud configuration issues in real production environments.
Uncovering Cloud Configuration Risks
With cloud adoption accelerating at a rapid pace, organizations are overwhelmed with the sheer number of configurations to take care of. Even one service will involve users, roles and permissions, as well as varying default connections with other services that can be turned on or off. Each of those configurations will come with certain consequences to an organization’s overall security posture.
And the complexity of the environment is constantly intensifying – companies are expanding their cloud footprint, going hybrid and multi-cloud, and adopting newly released services.
Over 12 months, our research team analyzed anonymized cloud infrastructure data from real production environments across hundreds of organizations. “2021 Cloud Security Report: Cloud Configuration Risks Exposed” provides insights to help organizations better understand the risks that come with the move to multi-cloud environments as well as recommendations on best practices to mitigate them.
So, what are the key takeaways from the report?
Organizations need to fix security issues faster
The majority of organizations fail to fix cloud misconfiguration issues in a timely manner. With the growing cloud footprint, it’s easy to be overwhelmed by the endless number of security issues being identified – especially if you are a large enterprise. In our research, small and medium-sized businesses averaged about 75 days to remediate or resolve their configuration issues after discovery, compared to an average of 88 days for larger organizations:
Storage misconfigurations are still a major problem
Cloud storage buckets continue to attract a lot of attention due to high-profile breaches hitting headlines on a regular basis. Usually, this happens when the administrator managing the service misconfigured some security settings, leaving it open to the public. 82.4% of the environments examined had “open to the internet” issues, i.e., buckets exposed to the world, making the organizations susceptible to breaches.
Credential hygiene requires more attention
While malicious actors are constantly reinventing their techniques to obtain cloud credentials, 74% of organizations analyzed aren’t practicing credentials rotation and most of them had at least one issue with unused credentials.
Widespread cloud misconfiguration issues also affect Docker containers and Kubernetes
Adversaries are increasingly looking to exploit vulnerable container-related services in order to get initial access to your environment.
The report finds more than 40% of users had at least one misconfigured Docker application programming interface (API) that took, on average, 65 days to remediate. On the Kubernetes front, a few users with ACL or network policy issues were found. Most of those issues were remediated within 65 days on average.
Conclusion
Cloud infrastructure is complex and difficult to configure properly, and, as we saw, a single misconfiguration of cloud settings can lead to serious problems. The good news is that 84% of users reported that they were able to detect and remediate misconfiguration issues using a Cloud Security Posture Management solution, which automates the tracking and fixing of security risks across multiple clouds.
For complete findings and best practices on cloud configurations, download the 2021 Cloud Security Report.