Amid the global crisis due to the Coronavirus pandemic, more cloud security risks are floating around – making it easier for hackers
As the COVID-19 crisis accelerates, WFH is the new normal! With the majority of professionals working from home, it is exposing cybersecurity gaps – putting substantial financial pressure on organizations’ security fabric.
The pandemic forced the majority of organizations to shift their operations remotely. As a result, most IT and cloud professionals are worried about supporting their cloud environments security. The cloud security company, Fugue, has recently conducted a study, “State of Cloud Security” – to understand the gravity of widespread cyber-security issues. In association with Propeller Insights, 300 IT, security, and cloud professionals were surveyed –who uses Amazon Web Services, Google Cloud Platform, and Microsoft Azure. The participants include DevOps engineers, security engineers, cloud architects, DevSecOps engineers, etc. across different sectors.
The study found that 96% of the cloud engineering teams are now distributed and working remotely amid the worldwide outbreak. Nearly 83% of companies have had their employees completed the transition or are in the middle of it. Among the ones that are shifting, 84%are concerned about how the new security vulnerabilities can be tackled. Many issues could take amid the adoption of new access policies, devices, and networks – used for managing the cloud infrastructure from remote locations.
Almost 84% of IT professionals (high – 39.7% and somewhat – 44.3%) are worried if they’ve been hacked already and not aware of it. The cloud misconfiguration exploits are tricky to detect using regular security analysis tools. Another 28% of the respondents said that they’d suffered a significant cloud data breach –which they are aware of. Besides, 92% of professionals are concerned as their organization is vulnerable to cloud misconfiguration-and data breach – 47.3% are highly concerned, and 44.3% are somewhat concerned.
Phillip Merrick, CEO at Fugue as reported to have said, “What our survey reveals is that cloud misconfiguration not only remains the number one cause of data breaches in the cloud, the rapid global shift to 100% distributed teams is creating new risks for organizations and opportunities for malicious actors…Knowing your cloud infrastructure is secure at all times is already a major challenge for even the most sophisticated cloud customers, and the current crisis is compounding the problem.”
The report also noted that 33% of security engineers believe that cloud misconfigurations will increase over the next year, while 43% think things will remain the same. However, 24% cited data breaches related to cloud misconfigurations will decrease in their workplace.
Many a time, the security misconfigurations take place due to lack of awareness (52%), oversight and control issues (49%), multiple cloud APIs to govern (43%), and negligent behavior (32%). Thus, preventing the cloud data breach still remains a big challenge for security engineers. It is happening with almost every cloud team – with 73% reporting over ten incidents daily, 36% say they experience more than 100 times daily, and about 10% are suffering from over 500 per day. And, sadly, about 3% does not even know what their misconfiguration rate is.
To combat them, about 31% of teams are utilizing open source policy-as-code tool. While 39% still depend on typical manual reviews before the deployment. Another, 73% of IT engineers reported they only rely on manual processes to tackle automated threats. Most teams count on typical, manual processes to address their cloud problem. For malicious actors, it only takes a few minutes of their inception with automation tools to scan and find loopholes.
Undoubtedly, to manage the cloud misconfiguration correctly is a costly proposition. However, business leaders need to conduct rigorous manual audits to have their assets in place, safe and sound!