Data exposures are on the rise, while vulnerabilities are being neglected in the cloud, according to study conducted by RedLock Cloud Security Intelli
Data exposures are on the rise, while vulnerabilities are being neglected in the cloud, according to study conducted by RedLock Cloud Security Intelligence (CSI).
The researcher team studied threats across public cloud computing environments from June to September 2017. They stated their motivation in the report:
“The absence of a physical network boundary to the internet combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the cloud by orders of magnitude.”
“It is imperative for organizations to develop an effective strategy to protect their Amazon Web Services (AWS), Microsoft Azure, and Google Cloud environments.”, as the authors added on page 2 of their report.
The study reached five major conclusions following from their investigation:
- Data exposures are on the rise
- Vulnerabilities are being neglected in the cloud
- Risky users are flying under the radar.
- Nefarious network activities are rampant
- Cloud attack kill chains are complex
As the CSI wrote, 53% of organizations publicly exposed at least one cloud storage service. At the same time, 45% of CIS compliance checks fails and 48% of PCI compliance checks fail.
“The RedLock CSI researchers discovered that 53% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) had inadvertently exposed one or more such services to the public.”, as the study stated on page 5.
In addition, the CSI found that 37% of databases are accepting inbound connection requests from the internet.
“This is a very poor security practice as databases should never be directly exposed to the internet. To make matters worse, the research revealed that 7% of these databases are receiving requests from suspicious IP addresses which indicates that they have been compromised.”, according to the report.
The data in CSI`s report is based on analysis across RedLock’s customers’ environments which comprises of over five million resources that are processing petabytes of network traffic, as the report explained.
The full study can be found on the following link.