Many organizations are at risk of cloud data exposure as they shift their assets to public clouds.
Today most companies are moving their assets to public cloud environments like Google, Amazon, and Microsoft, and are leaving several paths open for exploitation. According to “The State of the Union” report from Orca Security, more than 80% of organizations have at least one workload that runs on an unsupported operating system or has remained unpatched for 180 days or longer. The report studied data from about 2 million scans of 300,000 public-cloud assets of enterprises that have tested their security service.
Cloud estates are frequently breached via weak links that include misconfigured storage buckets, widespread authentication issues, ignored and unpatched internet-facing workloads, and discoverable secrets and credentials. Although companies are taking measures to secure their assets, cybercriminals look for a single weak link to cause a high-impact data breach.
Attackers look for vulnerable frontline workloads to gain access to cloud accounts, after which they can expand within the environment. Even though public cloud platforms keep assets secure, customers are still responsible for securing the workloads, data, and processes they run inside the cloud.
Ensure full coverage for assets
Many companies depend on installing and maintaining security agents across all assets for cloud workload security. Cloud deployments are not always reported to the security teams, which can result in missed vulnerabilities and attack vectors.
It is important for CISOs and IT leaders to focus on ensuring full coverage of their cloud assets, especially those deployed without their explicit knowledge. These assets need to be patched regularly and constantly monitored in order to reduce the risk of lateral movement through the IT environment.
The report notes that 60% of firms have at least one neglected internet-facing workload that has expired and is no longer supported by manufacturer security updates. Nearly half have at least one publicly accessible, unpatched web server, the research found.
Focus on authentication issues
Cybercriminals succeed in breaching public cloud environments owing to weak authentication. Several firms have internet-facing workloads containing secrets and credentials, including clear-text passwords and API keys, that allow lateral movement across their environment. Furthermore, there are a few cloud accounts that do not use multi-factor authentication (MFA) for the admin user and have cloud assets accessible via non-corporate credentials.
More enterprises are moving to cloud services because of the pandemic. At the same time, hackers are also following businesses to the cloud and looking for ways to gather credentials from remote workers to gain access to companies’ public cloud infrastructure.
A series of weak links together can pose a serious risk to cloud security for any organization. It is essential for security leaders to better support their teams with the necessary tools, processes, and strategic guidance.