Analysis of public cloud accounts across Amazon Web Services, Microsoft Azure, and Google Cloud Platform reveals a silver lining when it comes to the protection of cloud data.
New research shows that in the last year, 70% of organizations that use public cloud services experienced a security incident. These incidents included attacks from ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%).
Ninety-six percent of these organizations are concerned about their current levels of cloud security, with data security being the top concern for 44% of them. It’s a good time to address the fundamentals of cloud security best practices: access to cloud environments and the protection of sensitive data.
Secure who gets in
Identity security represents a huge challenge for organizations. A review of cloud accounts by the Sophos Cloud Optix cloud security posture management service discovered worrying trends in organizations’ security posture as it relates to cloud account access, with 91% of organizations having over-privileged Identity and Access Management roles and 98% without MFA enabled on their cloud provider accounts.
Managing access to cloud accounts is an enormous challenge and yet only a quarter of organizations in our research saw it as a top area for concern, while a third reported that cybercriminals gained access by stealing cloud provider account credentials
Why securing access matters
Granting extensive access permissions to IAM users, groups, and cloud services is a risky practice. If such credentials get compromised, cybercriminals may gain access to any services and data those permissions grant. All user accounts should have MFA enabled, as it adds an extra layer of protection on top of usernames and passwords.
Secure what can get out
You won’t have to look far to find stories of shared storage-related data breaches caused by misconfiguration, where security settings with public read/list permissions had been enabled. AWS has even released an update to help customers from running afoul of this – one of the biggest causes of cloud data breaches. In our review of cloud accounts, we discovered that accidental data exposure through misconfigured storage services continues to plague organizations, with 60% leaving information unencrypted. Organizations are making it easy for attackers to search for and identify new targets.
The silver lining in all this is that the number of organizations exposing data to the public internet is declining, with Sophos Cloud Optix identifying that only 13% of organizations left database ports open to the internet and 18% of organizations had storage services with public read/list permissions enabled. Assuming there will always be use cases for public access being available, organizations are starting to close the door on this, the most common attack method for obtaining sensitive company and customer data.
Why secure configurations matter
Encryption is critical when it comes to stopping cybercriminals from seeing and reading stored information, and is a requirement for many compliance and security best-practice standards. “Public mode” – a setting that can be applied to databases, shared storage, and other cloud provider services – is a major cause of data breaches, and misconfiguring cloud services in “public mode” allows cybercriminals to automate their searches for security weak points. Guardrails should be in place to prevent such misconfigurations.
Think you know what you’ve got in the cloud?
Take control of your cloud security with a free inventory assessment and security check powered by Sophos Cloud Optix. Activate a free trial to get to get 30 days of commitment-free usage, including:
- Comprehensive inventory of everything you’ve got in the cloud: virtual machines, storage, containers, IAM roles, etc.
- Visualize IAM roles like never before and stop over-privileged access roles and stolen credentials from being exploited in cyberattacks
- Harden Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments to reduce your surface area for attack
- Automatically detect security and compliance vulnerabilities, suspicious access, network traffic and cloud spend anomalies
- No agent, no install, no tie-in
Once you have a Cloud Optix account set up, follow the step-by-step instructions on the screen, which will walk you through adding your AWS, Azure, and GCP environments. For more information, read the Getting Started guide.