Cloud misconfigurations take an average 25 days to fix
On average it takes 25 days for companies to fix cloud infrastructure misconfigurations, according to a new report from cyber resilience specialist Accurics.
The research highlights security risks identified in cloud native environments. It shows that even organizations that establish a secure baseline when infrastructure is provisioned will experience ‘drift’ over time, when configuration changes occur in runtime, and these take an average of eight days to fix.
“Cloud native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” says Accurics Co-founder, CTO and CISO Om Moolchandani. “Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity. However, these teams unfortunately aren’t keeping up with the associated risks — we see a reliance on using default security profiles and configurations, along with excessive permissions. Messaging services and FaaS are also entering a perilous phase of adoption, just as storage buckets experienced a few years ago. If history is any guide, we’ll start seeing more breaches through insecure configurations around these services.”