Netskope report reveals identity and access management top concern for I/PaaS deployments
The report says 71.5% of CIS Benchmark violations in AWS occur in the identity and access management category.
Netskope, the leader in cloud security, today announced the release of the Autumn 2018 Netskope Cloud Report on enterprise cloud service usage and trends.
According to the report, which analysed the Center for Internet Security's Benchmarks for Amazon Web Services (AWS), 71.5% of violations occur around identity and access management for AWS.
Public cloud infrastructure services like AWS have seen widespread adoption in enterprises, affirming the need for clear identity and access policies in place to ensure sensitive data is secure.
Insecure IAM exposes enterprises to risks
Several major, recent high-profile corporate breaches have been traced back to a misconfiguration of resources like S3 buckets, pointing to a major weakness in many enterprise I/PaaS security strategies. While many organisations have controls around cloud services such as multi-factor authentication and single sign-on solutions, porting the same types of controls over to cloud infrastructure like AWS often goes overlooked. Organisations are exposing themselves to significant security risks without addressing these gaps.
According to the report findings, many of the IAM violations found involve instance rules, role-based access controls, and access to resources or password policy requirements, simple fixes that enterprises can easily address even without an external security solution.
Additional CIS Benchmark violations by category included monitoring (19%), networking (5.9%) and logging (3.6%). In resource type violations, EC2 led the way at 66.2% of the violations, followed by CloudTrail (15.2%), S3 (10.9%), IAM (4.5%) and other (3.2%). In severity, 86.3% of violations were of medium severity, 9.1% high, 4% critical and 0.6% low.
Cloud DLP violations on the rise
Consistent with previous reports, most DLP violations still occur across cloud storage services (54%) and Webmail (35.3%), followed by collaboration services (10.1%) and other (including cloud infrastructure) at 0.6%. Cloud infrastructure DLP policies are on the rise due to the increase in use of these services.
In DLP violations by activity, uploads made up the majority with 55.3%, followed by downloads (32.4%), send (11.2%) and other (1.1%). The report also looked at I/PaaS DLP violations as a separate category to understand the areas and activities in which security teams are focusing their DLP policies. Similar to the entire category, download and upload were the major activities with violations, with 64.1% and 35.7%, respectively.
"As organisations increasingly adopt a multi-cloud approach, IT teams must continuously assess the security of their public cloud infrastructure and be aware of the data moving in and out of those services," said Sanjay Beri, founder and CEO, Netskope. "Enterprises should consider using the same security profiles, policies and controls across all services, SaaS, IaaS, and Web, in order to reduce overhead and complexity as the use of cloud services scales."
Average cloud services per enterprise by category
This quarter, the average number of cloud services per enterprise increased by 5.5% to 1 246, compared to 1 181 in the February 2018 report. The vast majority, 92.7% of these services are not enterprise-ready (NER), earning a rating of "medium" or below in the Netskope Cloud Confidence Index (CCI).
Similar to the February 2018 report, HR and marketing services are the most highly used in organisations in terms of average number, followed by collaboration services.
Average number of cloud services
IT service/application management
* Download the Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used cloud services by enterprises.
* Learn more about how to gain visibility into enterprise cloud services and how to ensure they are secure and compliant.
* Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team.