Cloud security fears continue: Managed services, messaging, FaaS at ‘perilous’ stage

Feb 26, 2021

As adoption of managed infrastructure services increases, new cloud attack areas arrive with them. According to a new report from Accurics, 23% of all security violations identified relate to poorly configured managed service offerings.

The study, Accurics’ Cloud Cyber Resilience Report, assessed violations and drifts in real-world environments of Accurics users, as well as open source repositories and registries of infrastructure as code (IaC) components.

The research found that the mean time to remediate (MTTR) violations is 25 days across all environments. Accurics described this as ‘a luxury’ for potential attackers. For drifts from established secure infrastructure postures, the MTTR is eight days on average.

This is an interesting point of differentiation, and one which shows that security must be persistently explored. Take the Twilio TaskRouter JS SDK security incident from July. In this instance, the Amazon Web Services (AWS) S3 bucket was configured correctly when it was added, as far back as 2015, but a configuration change made five months later altered it. This drift went undetected and unaddressed until it was exploited last year.

