Netskope report reveals identity and access management top concern for I/PaaS deployments
Report reveals 71.5% of CIS Benchmark violations in AWS occur in the Identity and Access Management category.
Netskope, the leader in cloud security, today announced the release of the Autumn 2018 Netskope Cloud Report on enterprise cloud service usage and trends.
According to the report, which analysed the Center for Internet Security's Benchmarks for Amazon Web Services (AWS), 71.5 % of violations occur around identity and access management for AWS. Public cloud infrastructure services such as AWS have seen widespread adoption in enterprises, affirming the need for clear identity and access policies to be in place to ensure sensitive data is secure.
Several recent high-profile corporate breaches have been traced back to a misconfiguration of resources like S3 buckets, pointing to a weakness in many enterprise I/PaaS security strategies. While many organisations have controls around cloud services, such as multifactor authentication and single sign-on solutions, porting the same types of controls over to cloud infrastructure like AWS often goes overlooked. Organisations are exposing themselves to significant security risks, by not addressing these gaps.
Puleng Technologies is one of the leading providers of data security, identity and access management architectures in South Africa and a Netskope partner. "We recognise that identity governance enables and secures digital identities for all users, applications and data," said Muhammed Mayet, Head of Security at Puleng. "The ability to provide controls and policies that extend across hybrid environments ensures a robust governance and compliance framework for access to critical services and data, irrespective of where these critical assets reside."
According to the report findings, many of the IAM violations found involve instance rules, role-based access controls, and access to resources or password policy requirements, simple fixes that enterprises can easily address even without an external security solution.
"As organisations increasingly adopt a multi-cloud approach, IT teams must continuously assess the security of their public cloud infrastructure and be aware of the data moving in and out of those services," said Sanjay Beri, founder and CEO, Netskope. "Enterprises should consider using the same security profiles, policies and controls across all services, SaaS, IaaS, and Web, to reduce overhead and complexity as the use of cloud services scales."
Additional CIS Benchmark violations by category included Monitoring (19%), Networking (5.9%) and Logging (3.6%). In resource type violations, EC2 led the way at 66.2% of the violations, followed by CloudTrail (15.2%), S3 (10.9% ), IAM (4.5%) and other (3.2%). In severity, 86.3% of violations were of medium severity, 9.1% high, 4% critical and 0.6% low.
Consistent with previous reports, most DLP violations still occur across cloud storage services (54%) and Web mail (35.3%), followed by collaboration services (10.1%) and other (including cloud infrastructure) at 0.6%. Cloud infrastructure DLP policies are on the rise due to the increase in use of these services.
This quarter, the average number of cloud services per enterprise increased by 5.5% to 1 246, compared to 1 181 in the February 2018 report. The vast majority, 92.7% of these services, are not enterprise-ready (NER), earning a rating of "medium" or below in the Netskope Cloud Confidence Index (CCI).
Similar to the February 2018 report, HR and marketing services are the most highly used in organisations regarding average number, followed by collaboration services.
Average number of cloud services
IT Service/Application Management
* Download the Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used cloud services by enterprises.
* Learn more about how to gain visibility into enterprise cloud services and how to ensure they are secure and compliant.
* Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team.