One in Four Cloud Violations Due to Poor Security Configurations: Accurics
Accurics reports that poorly configured managed service offerings account for nearly a quarter of cloud security violations, exposing sensitive development pipelines to the internet. The California-based company has a few recommendations for organizations on reducing cloud security risks and ensuring compliance.
A report from cloud security company Accurics has highlighted the necessity of a shift-left approach to securing cloud environments. The company warns that risks identified in the cloud environments organizations use can expose them to wide-scale attacks such as last year's SolarWinds hack, and says that instilling security within DevOps can help alleviate such risks.
Accurics’ Cloud Cyber Resilience Report identified several security violations within cloud environments, nearly a quarter (22.5%) of which were caused by poor configurations of managed service offerings. Most of these violations exist because organizations fail to restrict or update default security profiles and configurations, which lets threat actors obtain excessive permissions to cloud resources.
Jon Jarboe, a developer advocate at Accurics, said, “Default configurations for managed services are often designed to make it easier for developers to get started with a service — meaning that they favor more permissive, rather than more restrictive, access. By using these defaults in normal use, organizations are making it easier for attackers to discover their services, read their data, and potentially modify things.”