Cloud misconfigurations have been rampant among major companies, and the problems in the multi-cloud environments persist despite advanced systems in their services.
According to Aqua Security, a team behind the cloud-native security released a report that over the period of 12 months, a large number of organizations were reportedly struggling to solve the cloud-based issues.
Even the Redmond giant, Microsoft is not exempted in the misconfiguration blunder after the problem cost them to lose 63Gb of sensitive information.
Cloud-Based Misconfigurations Are Widespread Among SMBs and Enterprises
The cloud infrastructure data that came from the industrial and technological firms were categorized into enterprises and SMBs. Moreover, the detected volume of the cloud services is the basis in this division.
According to the findings of Aqua Security, a meager record of less than one percent of the enterprise companies have solved the detected issues. On the other hand, the SMBs that managed to fix the issues accounted for only less than 8%.
Furthermore, despite that all ports are open worldwide, it took 24 days on average to fix 68% of the cloud-based problems. Over 50% of the firms have received alerts about the cloud-related hurdles.
Read Also : Misconfigured Box Account Probable Culprit In Confidential Data Leak Involving Apple, Other Tech Companies
The worse part revolves around the large enterprises wherein an 88-average day needs before the issue is completely fixed upon identifying the problem.
In the users part, more than 40% of them have at least recorded one misconfigured Docker API, and this took them 60 days on average to solve.
"When you consider that a single cloud misconfiguration can expose organizations to severe cyber risk, such as data breaches, resource hijacking, and denial of service attacks, the consequences of failing to address misconfiguration issues are all too real to ignore," Aqua Security's Team Nautilus lead data analyst Assaf Morag said in a report by Beta News.
Commonly, the report discovered that there are five types of cloud misconfigurations:
- storage (bucket/blob) misconfigurations
- identity and access management (IAM) misconfigurations
- data encryption issues
- exploitable services behind open ports
- container technology exploitation
Morag added that the team found out that the majority of companies have been straying from the security's centralized approach. Additionally, this also tackled the importance of cloud-native applications which gives people more freedom in the cloud environment.
Meanwhile, the security framework of the company will likely receive implications due to this misconfiguration. That's why the part of the development teams in providing efficient plans and actions to these services is vital to the companies.
Even Microsoft Did Not Escape Misconfiguration Blunder
In the last two weeks, Microsoft has been heavily challenged by a misconfigured cloud storage after a reported number of more than 3,800 files of 63GB of data have been exposed.
Toolbox reported although the January-September 2016 data was outdated, what's inside the files were highly confidential details of the company which includes the intellectual property (IP) of the huge firms.
Besides IP, the data that are being exposed could potentially be one of the following: product code, passwords, software products, business pitches, product descriptions, and more.
Related Article: 11,877 Android, 6,608 iOS Apps Exposed to Potential Hackers, Says Zimperium Report
This article is owned by Tech Times
Written by Joseph Henry