Report casts doubt on the effectiveness of the shared responsibility model of cloud security
Cloud data exposure – Organisations continue to leave assets deployed in the public cloud with services such as Amazon, Google and Microsoft routinely exposed and unprotected, with cloud estates now frequently breached through weak links such as neglected and unpatched internet-facing workloads, authentication issues and misconfigured storage buckets, according to a report.
Among other things, The Orca Security 2020 state of public cloud security report revealed a lack of attention to internet-facing workloads, a lack of attention to identity and access management, particularly for admin users, and a lack of attention to the information contained within internet-facing workloads.
In effect, this means a great number of businesses are doing the equivalent of handing over their car keys to a joyrider – giving cyber criminals carte blanche to move laterally inside their environments.
“While organisations must secure their entire estate, attackers only need to find a single weak link to exploit,” said Avi Shua, Orca Security CEO and co-founder.
“It’s imperative for organisations to have 100% public cloud visibility and know about all neglected assets, weak passwords, authentication issues and misconfigurations to prioritise and fix. The Orca Security 2020 state of public cloud security report shows how just one gap in cloud coverage can lead to devastating data breaches.”
Orca’s findings would appear to cast some doubt on the effectiveness of the shared responsibility cloud security model – even though public cloud providers do their utmost to keep their platforms secure, customers retain responsibility for securing the workloads, data and processes they run in the cloud, just as they would if their IT estate was still on-premise. But this message seems to be lost all too frequently, and the problem is compounded by a lack of visibility among IT and security teams of what assets are being put in the cloud.