Aqua Security Exposes Cloud Configuration Risks
May 17, 2021
Aqua Security published new research from Team Nautilus revealing that a
significant majority of companies that move to multi-cloud environments
are not properly configuring their cloud-based services. According to
new findings from Aqua’s “2021 Cloud Security Report: Cloud
Configuration Risks Exposed”, these misconfigurations, for example
leaving bucket or blob storage open, can open companies up to critical
security breaches. Reflecting the overwhelming number of configurations
practitioners must address, even when companies are aware of errors,
most have not addressed the bulk of these issues in a timely manner.
This is especially true of larger enterprises, which take an average of
88 days to address issues after discovery.
Over 12 months, Aqua’s research team analyzed anonymized cloud
infrastructure data from hundreds of organizations. Users were divided
into two groups based on the volume of cloud resources they scanned: SMBs
(small and midsize businesses), who scanned between one and several hundred
resources, and enterprise users, who scanned from several hundred up to a
few hundred thousand distinct resources.
More than 50% of all organizations received alerts about misconfigured services with all ports open to the world, but only 68% of these issues were fixed, taking 24 days on average.
Over 40% of users had at least one misconfigured Docker API, taking an average of 60 days to remediate.
These findings point to numerous security posture issues across
Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)
accounts, which suggests both a lack of understanding and an
overwhelming number of issues requiring attention.
The Aqua 2021 Security Report also provides recommendations on the
best practices and policies organizations can implement immediately to
mitigate the risk of cloud misconfigurations, including:
Treating all API issues as critical, as adversaries are actively scanning for exposed API ports.
Applying various IAM controls to establish layers of access control, such as multi-factor authentication (MFA) and identity federation.
“Whether an organization adopts a single or multi-cloud environment, it must be proactive in monitoring for and fixing service configuration issues that can unnecessarily expose it to threats,” said Ehud Amiri, Senior Director of Product Management. “Failure to do so will inevitably result in damage that can be much greater than the traditional OS or on-premises workloads.”