Cloud security is becoming increasingly important to enterprises, but a new report shows many firms are still slacking.
As more and more enterprises migrate to cloud, be that hybrid or otherwise, there are obligations on the part of the customer and the provider to share responsibility. Providers such as AWS, Microsoft Azure and Google Cloud Platform need to protect the infrastructure keeping things moving, while the customer needs to watch out for risky configurations, suspicious activity and host vulnerabilities.
A number of high-profile breaches involving public cloud environments, all relating to user negligence, took place this year.
A report from Palo Alto Networks’ Unit 42 threat research team shed light on what enterprises can improve on. Researchers examined threats from late May through the beginning of September this year to glean findings.
Faltering compliance
Looking at compliance, 32% of organisations publicly exposed at least one cloud storage device and 49% of databases are not encrypted. 32% of GDPR compliance checks fail, according to the research. With the California Consumer Privacy Act on the cards, many enterprises still have a lot to do.
According to Unit 42, 23% of organisations examined have hosts missing critical patches in the cloud, while 29% of organisations experienced potential account compromises. 27% allow root user activities and 41% of access keys have not been rotated in the last 90 days. With more third-party credential companies entering the fray, access hygiene needs to be implemented.
Cooling cloud security threats
As the cryptocurrency world becomes less feverish, crypto jacking is likely to become less of a threat. Diminishing value and better detection capabilities are the two main reasons for the decrease found by Unit 42. Future increases in price could lure cybercriminals back to this vector, though, so vigilance is encouraged.
Container adoption is also booming, with a third of organisations using native or managed Kubernetes orchestration and 25% leveraging managed services in the cloud such as Azure Kubernetes Service and Google Kubernetes Engine.
Unit 42 said enforcing multifactor authentication on all privileged user accounts is a must and IT teams should forbid the use of root accounts for run-of-the mill operations. A deny-all outbound firewall policy by default is also recommended by Unit 42, as well as continuous monitoring of north-south and east-west traffic.
To manage vulnerabilities, Unit 42 offered two pieces of advice: “correlate vulnerability data with resource configuration data to identify vulnerable hosts” and “correlate network traffic data to determine whether the vulnerabilities are exploitable and prioritise remediation accordingly”.
As cloud adoption looks set to increase into 2019, re-examining your organisation’s cloud security posture should be a major resolution for the new year.
Article Source: Ellen Tannam