Security News > 2022 > April > Security Turbulence in the Cloud: Survey Says…

The mad dash to set up shop in the cloud can sometimes lead to stormy weather: There are, after all, beaucoup security challenges hidden behind the cloud's promise of blue skies.

As Prevailion CTO Nate Warfield enumerates, cloud marketplaces "Are rife with pre-built virtual machine images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners. Cloud providers don't take a proactive stance towards breach and compromise monitoring and, in many cases, won't even pass on notifications to their customers which they have received from external researchers."

In a 2020 survey of 2,064 Google Cloud buckets by Comparitech, 6 percent of all Google Cloud buckets were estimated to be misconfigured and left open to the public internet, for anyone to access their highly sensitive content.

Respondents ranked their other most-worrying cloud security threats as account compromise and stolen cloud credentials,; API vulnerabilities; advanced attacks against cloud providers; ransomware; cyberespionage/data theft; distributed denial of service; other malware; and cryptojacking.

It's important however not to fall into a false sense of security: In January 2021, the feds warned that cloud attacks were bypassing weaker two-factor authentication, such as schemes that use a code sent to a mobile phone via SMS. In terms of the top security tools that poll respondents plan to invest in, encryption for data at rest and data in transit took the lead, followed by identity access management and the adoption of self-managed security controls offered by cloud providers.

The top most-cited planned upgrade to cloud security in the poll was user-behavior analytics: i.e., the use of artificial intelligence and machine learning to analyze large datasets and identify patterns that signify security breaches.

News URL

https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/