Security News > 2023 > August > Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.
Cloud misconfiguration - incorrect control settings applied to both hardware and software elements in the cloud - are threat vectors that amplify the risk of data breaches.
A new report from cloud security vendor Qualys, authored by Travis Smith, vice president of the company's Threat Research Unit lifts the lid on risk factors for three major cloud service providers.
Smith wrote that Qualys researchers, analyzing misconfiguration issues at Amazon Web Services, Microsoft Azure and Google Cloud Platform, found that within Azure, 99% of the disks are either not encrypted or aren't using customer-managed keys that give users control of encryption keys that protect data in software as a service applications.
Smith wrote that since crypto mining malware is a threat to cloud environments, organizations should consider mitigating such controls to reduce their organizational risk in the cloud.
"The lesson from these data points is that almost every organization needs to better monitor cloud configurations," said Smith, adding that scans for CIS controls failed 34% of the time for AWS, 57% for Microsoft Azure and 60% for GCP. Figure A. "Even if you believe your cloud configurations are in order, the data tells us that not regularly confirming status is a risky bet. Scan the configurations often and make sure the settings are correct. It takes just one slip-up to accidentally open your organization's cloud to attackers," wrote Smith.
News URL
Related news
- Google Cloud to make MFA mandatory by the end of 2025 (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- All Google Cloud users will have to enable MFA by 2025 (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)
- Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)