Cloud Infrastructure Misconfigurations Take 25 Days to Fix
- There’s a set of emerging trends in the security aspect of cloud infrastructure.
- Misconfigurations are now covering a wide spectrum of issues and stem from more complex environments.
- Identifying, responding, and eventually fixing misconfigurations still take too much time.
Accurics has published its “Cloud Cyber Resilience Report,” and there are some interesting findings in there that reflect the current state of the rapidly growing space, the challenges faced, and the persistent issues that still plague a large percentage of deployments. COVID-19 has accelerated the “migration of everything” to the cloud, but at the same time, it has moved some malpractices on new platforms intact.
The firm has analyzed hundreds of cloud-native infrastructure deployments across their customers and also community users, and so here are the key findings regarding emerging trends:
- As the adoption of managed infrastructure offerings rises, watering hole attacks become more prevalent.
- In 22.5% of the violations found, the main problem was poor configurations of managed services, leaving things at their “default” settings.
- Messaging services and FaaS (function as a service) are becoming the next “storage bucket” trend.
- 35.3% of IAM (Identity and Access Management) drifts originate in IaC (Infrastructure as Code).