Cloud misconfiguration a growing cause of security incidents

Every organisation deploying Amazon Web Services (AWS) has experienced at least one security incident in its public cloud environment over the past year, with businesses’ rapid move to the cloud making secure configuration “nearly impossible”, according to threat detection and response specialist Vectra AI.

New research by the threat detection firm shows that AWS’s platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) offerings have become increasingly vital components for many enterprises during the pandemic, largely because of the flexibility and scalability they can bring in the context of widespread remote working.

According to the survey of 317 IT executives conducted by Vectra, 64% of organisations are deploying new AWS services on a weekly or daily basis, with 71% using four or more services, and only 29% using just its S3, IAM and EC2 services. It also found that 78% of organisations are running AWS across multiple regions, and 40% in at least three.

However, Vectra says enterprises’ rapid adoption of these AWS services has also led to the development of security blind spots within many organisations.

“Surprisingly, the survey shows that 30% of organisations surveyed don’t have formal deployment sign-off before pushing to production, and 40% have shared that they don’t have a DevSecOps workflow,” said the report, which added that 100% of the organisations surveyed had experienced a security incident on AWS in the past year.

“This shows that the cloud has expanded to such an extent that configuring it securely is nearly impossible,” it said. “And while a few applications can be configured to reach into the right services, with so many people having access to modify both the applications and services, the risk is multiplied by an order of magnitude.”

A further 71% of organisations said they have 10 or more users with the access and ability to modify the entire infrastructure in their AWS environments.

Within the context of Gartner’s prediction that over 99% of cloud breaches will have a root cause of customer misconfiguration or mistakes by 2025, the report added: “The reality is that securely configuring the cloud will remain a daunting task due to the sheer size, scale and continuous changes in workloads and infrastructure.”

However, it also said that most organisations are aware of their public cloud-related security deficiencies, with 71% saying they need monitoring and threat detection capabilities that are beyond the scope of what is currently available from providers such as AWS.

“Securing the cloud with confidence is nearly impossible due to its ever-changing nature,” said Matt Pieklik, senior consulting analyst at Vectra.

“To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible.

“Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.”

Separate research from Gartner showed that the worldwide IaaS market grew by 40.7% in 2020. The biggest names in the space include AWS, which had an IaaS market share of 44.6%, Microsoft with a 17.4% share, Alibaba with 8.8% and Google with 5.2%.