If you guessed human error, you are half right. The other half is what the error involves …
Gartner predicts that by 2021, over 75% of midsize and large organizations will have adopted a multi-cloud or hybrid IT strategy. As cloud platforms become more prevalent, IT and DevOps teams face additional concerns and uncertainties related to securing their cloud instances.
Now, recent research on cloud security that highlights human error and complex deployments, has shown that misconfiguration of cloud subsystems can open the door to a wide range of cyber threats.
This newly-released report by Trend Micro Incorporated reaffirms that misconfigurations are the primary cause of cloud security issues. In fact, 230 million misconfigurations have been identified on average each day, proving this risk is prevalent and widespread.
Threats and security weaknesses were found in several key areas of cloud-based computing, which can put credentials and company secrets at risk. Criminals capitalizing on misconfigurations have targeted companies with ransomware, cryptomining, e-skimming and data exfiltration.
In addition, misleading online tutorials compounded the risk for some businesses, leading to mismanaged cloud credentials and certificates. IT teams can take advantage of cloud native tools to help mitigate these risks, but they should not rely solely on these tools, the report concludes.
According to Trend Micro, the following are several best practices to help secure cloud deployments:
- Employ least-privilege controls: restrict access to only those who need it
- Understand the Shared Responsibility Model: Although cloud providers have built-in security, customers are ultimately responsible for securing their own data
- Monitor for misconfigured and exposed systems: Tools should be used to identify misconfigurations in cloud environments
- Integrate security into DevOps culture: Security should be built into the DevOps process from the start
Said Greg Young, Vice President of cybersecurity, Trend Micro: “Cloud-based operations have become the rule rather than the exception, and cybercriminals have adapted to capitalize on misconfigured or mismanaged cloud environments. Migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints. However, that can only happen if organizations follow the shared responsibility model for cloud security. Taking ownership of cloud data is paramount to its protection.”