Heimdal
article featured image

Contents:

Industry analysts have recently disclosed that many of the data breaches that make the headlines are the result of the exploitation of cloud misconfiguration mistakes, sometimes with devastating consequences.

Key Findings

The State of Cloud Security 2021 report reveals that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. What’s more, 64% say the problem will get worse, or remain unchanged over the next year.

cloud misconfiguration

Image Source: State of Cloud Security 2021

The survey, which was conducted on 300 cloud professionals (including cloud engineers, security engineers, DevOps, and architects) also found that the primary causes of cloud misconfiguration cited are too many APIs and interfaces to govern (32%), a lack of controls and oversight (31%), a lack of policy awareness (27%), and negligence (23%). 21% said they are not checking Infrastructure as Code (IaC) prior to deployment, and 20% aren’t adequately monitoring their cloud environment for misconfiguration.

The adoption of infrastructure as code (IaC) presents cloud teams with the opportunity to shift left on cloud security and compliance and build security into cloud development, but there is a level of effort required. Implementing IaC security checks, mapping IaC rules to compliance controls, remediating IaC violations, and reconciling cloud runtime violations with the corresponding IaC templates requires engineering investment. IaC security burdens are amplified when automated IaC checks using policy as code aren’t used consistently across the organization.

Source

Challenges

According to Fugue, the leader in cloud security and compliance automation, and Sonatype, the leader in developer-friendly tools for software supply chain automation and security, traditional security challenges play a significant role in cloud security, such as alert fatigue (cited by 21%), false positives (27%), and human error (38%).

The demand for cloud security expertise continues to outpace supply – 36% cite challenges in hiring and retaining the cloud security experts and 35% cite challenges sufficiently training their cloud teams on security.

cloud misconfiguration - security issues

Image Source: State of Cloud Security 2021

With the nature of cloud threats constantly evolving and attacks becoming more sophisticated, there is no secret that threat actors are now employing automation to scan the Internet for misconfigured cloud resources in minutes. This places pressure on engineering and security teams to find and remediate them quickly. As a result, a vast majority of respondents (83%) are concerned their organization is at risk of a cloud-based data breach.

What Professionals Say They Need

The survey revealed that the lack of policies that work across the cloud development lifecycle (CDLC) from IaC through the runtime was cited as a significant issue, with 96% of organizations saying such a unified policy framework would be valuable. 47% said they need better visibility into their environments, and 43% agreed that automated compliance audits and approvals would help.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE