Public Cloud Vulnerabilities Abound
- 1 of
-
Public Cloud Vulnerabilities Abound
New research indicates that lax approaches to security are exposing organizations to growing threats in their public cloud computing environments. -
Cloud Storage at Risk
53% of organizations have publicly exposed at least one cloud storage service, up from 40%. -
CIS Compliance Not Up to Snuff…
45% of checks for compliance with Center for Internet Security standards fail, and 46% of those violations are "high severity issues." -
…and Neither is PCI Compliance
48% of checks for compliance with the Payment Card Industry Data Security Standard fail, and 19% of those violations are "high severity issues." -
Cloud Workloads Elusive
Efforts to keep up with patching of host vulnerabilities in cloud computing environments are hampered by the fact that the average cloud workload only lasts 127 minutes. -
Letting Patches Slide
Consequently, 81% of organizations are not managing host vulnerabilities in the cloud. -
Compromise Abounds
38% of organizations have users whose accounts have potentially been compromised. -
Changes Fuel Vulnerability
89% of detected account compromises are due to changes in the activities the user performs. -
Ill-Advised Open Door Policy
37% of databases are accepting inbound connections from the internet. -
Letting Strangers In
7% of internet-facing databases are receiving requests from suspicious IP addresses, indicating that they have been compromised. -
More Encryption Needed
64% of databases are not encrypted, increasing the potential for exposure.
Cloud threat defense vendor RedLock created a "cloud security intelligence" team intended to research and identify public cloud threats and advise companies on cloud security best practices. A recent report on the CSI team's initial four months of research findings indicates that public cloud environments are riddled with avoidable threats and vulnerabilities despite providers' efforts to educate their customers, and the situation appears to be worsening. The team analyzed more than five million resources across RedLock's customer environments, and also actively probed the internet for vulnerabilities in public cloud computing environments. What it found were some disturbing holes in organizations' public cloud security practices. "Organizations are still falling behind in effectively protecting their public cloud computing environments," said Gaurav Kumar, CTO of RedLock and head of the CSI team. "As we've witnessed by recent incidents at organizations such as Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are real, and cyber criminals are actively targeting information left unsecured in the public cloud. It's imperative for every organization to develop an effective and holistic strategy now to protect its public cloud computing environment." The full Cloud Security Trends Report can be downloaded here.