Security News > 2023 > August > Research Eyes Misconfiguration Issues At Google, Amazon and Microsoft Cloud

Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.

Cloud misconfiguration - incorrect control settings applied to both hardware and software elements in the cloud - are threat vectors that amplify the risk of data breaches.

A new report from cloud security vendor Qualys, authored by Travis Smith, vice president of the company's Threat Research Unit lifts the lid on risk factors for three major cloud service providers.

Smith wrote that Qualys researchers, analyzing misconfiguration issues at Amazon Web Services, Microsoft Azure and Google Cloud Platform, found that within Azure, 99% of the disks are either not encrypted or aren't using customer-managed keys that give users control of encryption keys that protect data in software as a service applications.

Smith wrote that since crypto mining malware is a threat to cloud environments, organizations should consider mitigating such controls to reduce their organizational risk in the cloud.

"The lesson from these data points is that almost every organization needs to better monitor cloud configurations," said Smith, adding that scans for CIS controls failed 34% of the time for AWS, 57% for Microsoft Azure and 60% for GCP. Figure A. "Even if you believe your cloud configurations are in order, the data tells us that not regularly confirming status is a risky bet. Scan the configurations often and make sure the settings are correct. It takes just one slip-up to accidentally open your organization's cloud to attackers," wrote Smith.

News URL

https://www.techrepublic.com/article/research-eyes-misconfiguration-issues-at-google-amazon-and-microsoft-cloud/