Poor Configurations Account for 23 Percent of Cloud Security Violations

Poor Configurations Account for 23 Percent of Cloud Security Violations

According to a report by Accurics, poor managed service configurations accounted for 23 percent of cloud security violations. This information comes from the Cloud Cyber Resilience Reportwhich analyzed cloud-native infrastructure across hundreds of deployments of Accurics customers and users. The report revealed an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks.

Our MSP Buyer’s Guide contains profiles on the top managed cloud service providers for AWS, Azure, and Google Cloud, as well as questions you should ask vendors and yourself before buying. We also offer an MSP Vendor Map that outlines those vendors in a Venn diagram to make it easy for you to select potential providers.

Accurics examined security risks and violations across cloud-native infrastructures. Of all the violations identified, 23 percent were due to poorly configured managed service offerings. This is largely the result of companies continuing to use default security profiles or configurations, which often contain excessive permissions.

The company also looked at how long it takes for businesses and IT teams to fix discovered issues. The survey found that the mean time to remediate issues for violations across all environments is 25 days. Violations in the pre-production stage of managed services required more than 51 days to fix.

In the company’s press release, Accurics’ co-foudner, CTO, and CISO Om Moolcandhani stated: “Cloud-native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications. Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity. However, these teams unfortunately aren’t keeping up with the associated risks – we see a reliance on using default security profiles and configurations, along with excessive permissions. Messaging services and FaaS are also entering a perilous phase of adoption, just as storage buckets experienced a few years ago. If history is any guide, we’ll start seeing more breaches through insecure configurations around these services.”

Download your copy of the Cloud Cyber Resilience Report here.

Daniel Hein