sommersby - stock.adobe.com
Organisations continue to leave assets deployed in the public cloud with services such as Amazon, Google and Microsoft routinely exposed and unprotected, with cloud estates now frequently breached through weak links such as neglected and unpatched internet-facing workloads, authentication issues and misconfigured storage buckets, according to a report.
Among other things, The Orca Security 2020 state of public cloud security report revealed a lack of attention to internet-facing workloads, a lack of attention to identity and access management, particularly for admin users, and a lack of attention to the information contained within internet-facing workloads.
In effect, this means a great number of businesses are doing the equivalent of handing over their car keys to a joyrider – giving cyber criminals carte blanche to move laterally inside their environments.
“While organisations must secure their entire estate, attackers only need to find a single weak link to exploit,” said Avi Shua, Orca Security CEO and co-founder.
“It’s imperative for organisations to have 100% public cloud visibility and know about all neglected assets, weak passwords, authentication issues and misconfigurations to prioritise and fix. The Orca Security 2020 state of public cloud security report shows how just one gap in cloud coverage can lead to devastating data breaches.”
Orca’s findings would appear to cast some doubt on the effectiveness of the shared responsibility cloud security model – even though public cloud providers do their utmost to keep their platforms secure, customers retain responsibility for securing the workloads, data and processes they run in the cloud, just as they would if their IT estate was still on-premise. But this message seems to be lost all too frequently, and the problem is compounded by a lack of visibility among IT and security teams of what assets are being put in the cloud.
Avi Shua, Orca Security
Orca said attackers were well aware of this and routinely looked for vulnerable frontline workloads to gain entry to cloud accounts and gain a foothold in their victims’ systems.
With 80% of organisations running workloads on unpatched and even unsupported operating systems, 60% running at least one internet-facing workload that has reached end-of-life, and 49% having at least one publicly accessible web server, this is easily done.
Malicious actors also stand a fair chance of having breached one of the 44% of organisations whose internet-facing workloads contain login credentials and other valuable information such as application programming interface (API) keys, letting them move laterally at their leisure through the wider environment, taking advantage of the fact that internal servers will probably have even less protection – 77% of organisations have at least 10% of their internal workloads in a neglected security state, said Orca.
The firm urged chief information security officers (CISOs) and IT teams to pay extra attention to ensuring 100% coverage of their cloud assets – particularly those deployed without their explicit knowledge – to patch constantly and invest in monitoring services, and to take action to reduce the risk of lateral movement through their IT environments, always assuming that internet-facing workloads will be breached.
Orca analysed data from over two million scans of 300,000 public cloud assets running on Amazon Web Services, Microsoft Azure and Google Cloud Platform (GCP) between 6 November 2019 and 4 June 2020 to compile its figures.
Read more about cloud security
- Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale.
- As more companies migrate to the cloud, they need to also invest in cyber security for their cloud computing, such as through better encryption and authentication tools.
- Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap.