Only 1% of public cloud misconfigurations are caught, leaving companies open to data loss. Here’s how to stay protected.
IaaS Cloud-Infrastructure-as-a-Service (IaaS) is at a great risk for Cloud-Native Breaches, with 99% of misconfiguration incidents in public cloud environments going undetected, according to a McAfee report released today.
IaaS is the fastest-growing area of the cloud as a new default IT environment for internal and external-facing applications. But in the rush to adopt IaaS, many companies have overlooked the need for security, assuming the cloud provider was handling it.
As a result, there have been numerous Cloud-Native Breaches (CNB), which are an opportunistic attack on data left open by errors in how the cloud environment was configured, or misconfigurations.
The most popular IaaS providers are big-name companies including Amazon, Microsoft, Alibaba, Google, and IBM. However, the rush to adopt this growing technology leaves security as an afterthought, with 99% of cloud misconfigurations going undetected by companies, McAfee’s Cloud Native: The Infrastructure-as-a-service (IaaS) Adoption and Risk report found.
IaaS is a cloud computing model that can be rented by companies, in the form of storage, networking, and physical or virtual servers, as reported in ZDNet’s What is cloud computing? Everything you need to know about the cloud, explained. These systems are valuable for companies that want to develop applications themselves and control all aspects of their data.
The report, released on Tuesday, surveyed 1,000 enterprise organizations worldwide to determine the biggest IaaS security issues. Cloud misconfigurations dominated the threat landscape, leaving millions of consumer records and intellectual property vulnerable to theft.
“Cloud misconfiguration is one of the most preventable, yet common security issues cloud customers face,” said Sekhar Sarukkai, vice president of engineering for cloud security at McAfee. “Cloud misconfiguration refers to an error in how the cloud service was configured, which introduces risk to the organization and their data. Cloud infrastructure, or IaaS, is the most configurable, which introduces a higher risk of misconfiguration than SaaS.”
Only 1% of IaaS misconfigurations are known, the report found. While companies think they average 37 misconfigurations per month, they really experience 3,500. Even once the issues are made known, some 27% remain unresolved, and one quarter of respondents said it takes them more than one day to fix the issues.