By: Story Tweedie-Yates, Senior Director of Product, Aqua Security
Cloud adoption has accelerated exponentially over the past few years, overwhelming organisations with the sheer number of configurations to govern for cloud services. The complexity of configurations for cloud services, whether in single or multi-cloud environments, often leads to configuration issues that can unnecessarily expose organisations to threats. Even a single cloud service can involve multiple users, roles, and permissions, alongside varying default connections to other services that can be turned on or off.
The burden of managing these configurations, along with the potential ramifications of unresolved misconfigurations, increases exponentially in multi-cloud environments. All the while, the consequences of leaving misconfigurations unresolved are all too real to ignore.
As we increasingly rely on technology, the complexity of a company’s IT infrastructure is also constantly intensifying. Companies are expanding their cloud footprint, going hybrid and multi-cloud, and adopting newly released technology. With rapid expansion come misconfigurations – insufficient access restrictions, permissive storage policies, and publicly exposed assets. These are only a few of the common mistakes companies make when configuring their cloud infrastructure.
Unfortunately, the scale of the problem is mind-blowing. Ninety per cent of organisations are vulnerable to security breaches due to cloud misconfigurations, according to recent research.
So, what are the key considerations for organisations managing cloud expansion to minimise the risks posed by misconfigurations? And how can companies avoid becoming part of this statistic as they configure their cloud infrastructure?
One of the main concerns is that organisations fail to fix cloud misconfiguration issues in a timely manner. Research also shows that small and medium-sized businesses averaged about 75 days to remediate or resolve their configuration issues after discovery, compared to an average of 88 days for larger organisations. In the meantime, attackers are quick to identify and target vulnerable hosts. According to recent research, 50 per cent of misconfigured Docker application programming interfaces (APIs) are attacked by botnets within 56 minutes of being set up. With the growing cloud footprint, it’s easy to be overwhelmed by the endless number of security issues being identified – especially if you are a large enterprise. Fortunately, technology solutions, such as multi-cloud security posture management solutions, can help you identify and remediate misconfigurations.
High-profile breaches that continue to hit global headlines on a regular basis often put cloud storage buckets at the centre of attention, yet companies still neglect to pay this category of cloud service as much attention as it requires. Often, a breach can happen when an administrator managing the service misconfigures access control settings, leaving the storage bucket accessible to anyone on the Internet. An overwhelming majority – 82.4 per cent – of the environments examined in the research had “open to the internet” issues, such as storage buckets without access control, making them especially susceptible to breaches.
Care about credentials
At a bare minimum, credential hygiene requires more attention across the board. Seventy-four per cent of organisations that were analysed are not practising credential rotation, while most had at least one issue with unused credentials. This is especially dangerous when adversaries are constantly reinventing their techniques to obtain cloud credentials.
Verify vulnerable services
Malicious actors are increasingly looking to exploit vulnerable container-related services in order to get initial access to your environment. For example, widespread cloud misconfiguration issues also affect Docker containers and Kubernetes. The report found more than 40 per cent of users had at least one misconfigured Docker API that took, on average, 65 days to remediate. On the Kubernetes front, a few users with ACL or network policy issues were found. Most of those issues were remediated within 65 days on average, which is a long time for attackers to notice and target the vulnerable host before the misconfiguration is fixed.
Cloud infrastructure is complex and difficult to configure properly. Even a single misconfiguration of cloud settings can lead to serious problems and headline-grabbing breaches. The good news is that the tracking and fixing of security risks across multiple clouds can be automated. In fact, 84 per cent of users reported that they were able to detect and remediate misconfiguration issues using platforms like a Cloud Security Posture Management tool. Ultimately, attackers do not discriminate and will exploit any service they can. Organisations can take these simple steps to ensure they are on the right side of the statistics.