While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere, the risks around using cloud technology are still slowly being realised and calculated by many organisations as they experience related attacks.
According to the 2022 Cloud (In)Security Report by Zscaler, 68% of the organisations have external users with admin permissions to the cloud environment, which can lead to governance challenges and an increased risk of data exfiltration and exploits. The report also revealed that 98.6% of organisations have concerning misconfigurations that cause critical risks to data and infrastructure.
These statistics indicate alarming cyber security, due to the majority of cyberattacks on public clouds being from misconfigurations rather than vulnerabilities. Cloud misconfiguration errors have led to the exposure of billions of records.
The report also revealed,
* 59.4% of organisations do not apply basic ransomware controls for cloud storage.
* 17.4% of organisations are running workloads on vulnerable virtual machine compute instances.
* 97.1% of organisations use privileged user access controls without multi-factor-authentication.
While cloud environments are covered under a shared responsibility for security with the service provider, the proper configuration of these environments is the responsibility of every organisation. cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM) services can help identify misconfigurations and permission issues.