Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers.
Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue to pose a severe security risk to organizations.
Cloud misconfiguration remains the top cause of data breaches in the cloud, and the ongoing COVID-19 pandemic is is exacerbating the situation. Almost any organization believes that the transition to cloud infrastructure has created new security vulnerabilities, 84% are concerned they’ve been compromised and don’t know it, while 28% have already been already hacked and are aware of the attack.
Unfortunately, even if the awareness of the security risk has increased, companies are not able to avoid exposing their cloud servers online due to a misconfiguration or a security breach.
According to the report, the top causes of Cloud Misconfiguration were the lack of awareness of cloud security and policies (52%), the lack of adequate controls and oversight (49%), the presence of too many APIs and interfaces to adequately govern (43%), and negligent insider behavior (32%).
When dealing with challenges in managing Cloud misconfiguration 46% of surveyed organizations believe that Human error in missing critical misconfigurations is the main issue, while 45% believe that human error when remediating critical misconfiguration represents a major problem to address. 43% of the organizations face difficulties in training team members on misconfigurations.
The misconfigurations have a great impact on the companies in term of cost of managing Cloud Misconfiguration. 47% of the surveyed organizations spend more than 50 hours per week teams in addressing the problem.
The majority of the organizations believe that they need automated detection and remediation to address
Cloud Misconfiguration (95%), while 30% aims at obtaining a better visibility into cloud infrastructure.
Most of the incidents are caused by unauthorized access to instance or databases (52%), while object storage breaches account for 32% of the incidents.
Let’s close with the type of Cloud Misconfigurations, according to the survey, 44% are related to Security Group Rules (or firewall rules), 40% Identity and Access Management, 36% are related to encryption at rest which is disabled.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Cloud misconfiguration)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers.
Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue to pose a severe security risk to organizations.
Cloud misconfiguration remains the top cause of data breaches in the cloud, and the ongoing COVID-19 pandemic is is exacerbating the situation. Almost any organization believes that the transition to cloud infrastructure has created new security vulnerabilities, 84% are concerned they’ve been compromised and don’t know it, while 28% have already been already hacked and are aware of the attack.
Unfortunately, even if the awareness of the security risk has increased, companies are not able to avoid exposing their cloud servers online due to a misconfiguration or a security breach.
According to the report, the top causes of Cloud Misconfiguration were the lack of awareness of cloud security and policies (52%), the lack of adequate controls and oversight (49%), the presence of too many APIs and interfaces to adequately govern (43%), and negligent insider behavior (32%).
When dealing with challenges in managing Cloud misconfiguration 46% of surveyed organizations believe that Human error in missing critical misconfigurations is the main issue, while 45% believe that human error when remediating critical misconfiguration represents a major problem to address. 43% of the organizations face difficulties in training team members on misconfigurations.
The misconfigurations have a great impact on the companies in term of cost of managing Cloud Misconfiguration. 47% of the surveyed organizations spend more than 50 hours per week teams in addressing the problem.
The majority of the organizations believe that they need automated detection and remediation to address
Cloud Misconfiguration (95%), while 30% aims at obtaining a better visibility into cloud infrastructure.
Most of the incidents are caused by unauthorized access to instance or databases (52%), while object storage breaches account for 32% of the incidents.
Let’s close with the type of Cloud Misconfigurations, according to the survey, 44% are related to Security Group Rules (or firewall rules), 40% Identity and Access Management, 36% are related to encryption at rest which is disabled.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Cloud misconfiguration)