Additionally, remote-working arrangements may open gaps in identity and access management, among other compounded lapses.
In an analysis of just over one million configurations of cloud infrastructure in its user base, a cybersecurity firm has concluded that remote-working arrangements have increased the risk of cloud misconfiguration that could render organizations vulnerable to cyber threats.
Approximately 265,000 configurations—25% of the total number evaluated—harbored misconfigurations that could lead to unrestricted outbound access as well as access to network ports that could be used to gain unauthorized entry into an organization’s network.
The report by Horangi, a Singapore-headquartered cybersecurity company, has concluded that the widespread digital transformation in the region and rampant Work-from-Home network access may lead to the often-overlooked vulnerabilities of cloud misconfiguration. An increased reliance on virtual platforms and communication methods has also brought an uptick in phishing and ransomware attacks, leading to the loss of personal and important data.
The report also includes other cloud-related vulnerabilities that could collectively impact the overall organizational security risk posture:
- Identity and Access Management (IAM)
  - 88% of organizations in the study possessed unused IAM credentials while 63% had inactive users still registered in their database, raising risks of unauthorized access when credentials fall into the wrong hands.
  - 56% of organizations in the study had users without Multi-Factor Authentication in their cloud systems, elevating risks related to identity compromise from brute force attacks or phishing.
  - 97% of organizations in the study had permissions attached to users directly. As a best practice, organizations should assign permissions at a group level to streamline access management, and to avoid accidentally granting individuals higher privileges than intended.
- Network access control
  - 84% of organizations in the study allowed unrestricted access to network ports that bad actors could leverage to launch attacks or to gain unauthorized access.
- Audit logging
  - 78% of organizations in the study had gaps in their ability to audit changes to their infrastructure, leaving them without full visibility across their entire cloud environment and limiting forensic investigation of breaches. Some 91% of organizations in the study also saw gaps in their monitoring of sensitive changes.
Are native cloud security services sufficient?
Application-level cloud security falls into two categories: Native Cloud Security, which is offered by Cloud Service Providers (CSPs), and Third-Party Security, which consists of out-of-the-box solutions offered by non-CSPs that aim to address the shortfalls of the former.
According to Paul Hadjy, CEO and co-founder, Horangi: “While Native Cloud Security tools may be sufficient for businesses with a single cloud environment, third party options may be a more viable option for organizations that need to manage large or critical cloud workloads, and have multiple cloud service accounts. Third-Party Cloud Security can value-add to internet businesses in complex and highly regulated industries such as finance, healthcare, services and government, while being fully supported operationally to scale flexibly according to business needs and developments.”
Hadjy added that, in the new reality, IT leaders will need to re-focus efforts and investment on:
- remote-working security policies
- access control
- identity and access management
- privileged access management
- security awareness training
- endpoint protection
- data loss prevention
- supply chain risk concerns
For proactive identification and remediation of vulnerabilities, organizations can also employ Cloud Security Posture Management applications.