43% of cloud databases are currently unencrypted

2020-02-07 05:00

Palo Alto Networks released research showing how vulnerabilities in the development of cloud infrastructure are creating significant security risks.

The Unit 42 Cloud Threat Report: Spring 2020 investigates why cloud misconfigurations happen so frequently.

43% of cloud databases are not encrypted: Keeping data encrypted not only prevents attackers from reading stored information, it is a requirement of compliance standards, such as HIPAA. 60% of cloud storage services have logging disabled: Storage logging is critical when attempting to determine the scale of the damage in cloud incidents, such as the U.S. voter records leak in 2017 or the National Credit Federation data leak that same year.

Cybercrime groups are using the cloud for cryptojacking: Adversary groups likely associated with China, including Rocke, 8220 Mining Group and Pacha, are stealing cloud resources.

"It only takes one misconfiguration to compromise an entire cloud environment. We found 199,000 of them. The good news is infrastructure as code can offer security teams many benefits, such as enabling security to be injected early into the software development process and embedding it into the very building blocks of an organization's cloud infrastructure," said Matthew Chiodi, CSO of public cloud for Palo Alto Networks.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/48zCGbYYeEg/

#cloud #database