Misconfiguration is number one cloud security risk
Misconfigurations have been named the primary cause of cloud security issues in Trend Micro's research into cloud security, which highlights human error and complex deployments open the door to a wide range of cyber threats.
"No matter the cloud service or platform, the common theme we found is that misconfiguration continues to be one of the major pitfalls of cloud security, affecting both companies who subscribe to cloud services and users of software that are hosted on the cloud," say the authors of the report, titled Exploring Common Threats to Cloud Security.
The company’s cloud security solution, Cloud One – Conformity, identifies 230 million misconfigurations on average each day, proving this risk is prevalent and widespread.
Gartner has predicted that by 2021, over 75% of medium-sized and large organisations will have adopted multi-cloud or hybrid IT strategy, and as cloud platforms grow in popularity, IT and DevOps teams face additional challenges and uncertainties related to securing these environments.
Indi Sirinwasa, VP of Trend Micro Sub-Saharan Africa, says cloud-based operations have become the rule rather than the exception, and attackers have adapted to capitalise on misconfigured or mismanaged cloud environments.
“We believe migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints. However, that can only happen if organisations follow the shared responsibility model for cloud security. Taking ownership of cloud data is paramount to its protection, and we’re here to help businesses succeed in that process.”
The research also revealed threats and security weaknesses in several key areas of cloud-based computing, which could put credentials and proprietary company data at risk. “Criminals capitalising on misconfigurations have targeted companies with ransomware, crypto-mining, e-skimming and data exfiltration,” he explains.
According to the company, misleading online tutorials have exacerbated the risk for some businesses, and have led to mismanaged cloud credentials and certificates. “IT teams can take advantage of cloud-native tools to help mitigate these risks, but they should not rely solely on these tools,” the report concludes.
Trend Micro offers several best practices to help secure cloud environments:
1. Always employ least privilege controls, and restrict access to only those who need it.
2. Understand the shared responsibility model, because although cloud providers have built-in security, customers are responsible for securing their own data.
3. Monitor for misconfigured and exposed systems. The right tools can quickly and easily identify misconfigurations in cloud environments.
4. Integrate security into the DevOps culture, as security should be built into this process from the start.