Cloud services have heralded a new era in IT. Their benefits are numerous, accelerating business through their ability to quickly scale, allow organisations to be agile with their resources, and provide new opportunities for collaboration.
Tumelo Mashego, business unit manager for security at Axiz, says that, as businesses of every type and size take advantage of the cloud, they can’t afford to forget about their most valuable asset – their data.
“When employing software-as-a-service (SaaS) businesses are responsible for the security of their data, and need to ensure it is accessed appropriately. Similarly, when using infrastructure-asa-service (IaaS) or platform-as-a-service (PaaS), they are also responsible for the security of their workloads, and need to ensure the underlying application and infrastructure components are not misconfigured.”
She says a recent report by McAfee, dubbed “Cloud Adoption and Risk Report 2019”,helps highlight areas of risk, so they can be mitigated, allowing businesses to take advantage of the cloud and accelerate business, without putting themselves at risk.
Through the analysis of billions of anonymised cloud events across a wide range set of large enterprises, helped the security giant understand the current state of how the cloud is being used, and where the risks lie. “Don’t forget that up to 25% of data in the cloud is sensitive, and that sharing of confidential data in the cloud has grown 53% year-over-year. If businesses don’t appropriately control access and protect their data from the slew of advanced threats out there, they are putting themselves at risk.”
Moreover, Mashego says ‘as-a-service’ providers, although they increase the productivity of developers and help businesses become exceptionally agile, are also endangering organisations.
“The research revealed that on average, enterprises have a minimum of 14 misconfigured IaaS instances running at any one time, which translates into in an average of 2 269 misconfiguration incidents every month.”
Another finding of great interest, he says, is that 5,5% of all AWS S3 buckets in use are misconfigured to be publicly readable.
“This alarming trend can only result in the immediate and massive-scale loss of data starting to happen. Enterprises have to get the basics right, or they risk losing the chance for business acceleration – before they even get started.”
Unsurprisingly, she says the vast majority of threats to data in the cloud occur from compromised accounts and the inevitable insider threat.
“This is why there has been a general drop in threats such as ransomware – cyber crooks are getting in using legitimate credentials. A staggering 80% of businesses will experience at least one compromised account threat in the cloud this month along. Worse, a whopping 92% currently have stolen cloud credentials for sale on the Dark Web.”