Nearly all organizations (98.6 percent) are experiencing worrisome misconfigurations that pose significant risks to data and infrastructure.
According to research by Zscaler, the increasing use of cloud technology is leading to more and more vulnerability problems. In the study, Zscaler finds that data and infrastructure vulnerabilities are increasing as organizations increase their use of the cloud.
In the study, Zscaler indicates that misconfiguration of cloud environments should be seen as the main cause of vulnerabilities. Almost all companies surveyed are said to be vulnerable as a result. These include misconfiguration-induced public access to storage buckets, account privileges, stored passwords and their management and unencrypted data stores.
Little use of MFA authentication
Another major factor for cloud solution vulnerabilities concerns the failure to use multi-factor authentication in particular. Companies would not yet adequately shield account privileges and access to accounts and furthermore do not enforce MFA. Therefore, it is still easy for cybercriminals to launch attacks on users’ access rights and abuse them for subsequent attacks.
Supply chain vulnerabilities
Also, many companies still do not provide partners and other suppliers with well-protected access to their (cloud-based) infrastructure and data. This makes them very susceptible to supply chain attacks. Strict access controls are also often not enforced for these partners and suppliers. This in turn increases the risk of data breaches and the misuse of vulnerabilities found.
Furthermore, the studies find that companies are still vulnerable by continuing to run workloads on not properly protected vm instances connected to the Internet and not applying simple ransomware controls for their cloud-based storage environments.
According to Zscaler’s research, companies can greatly improve their cloud security with the application of a number of best practices. These include taking ownership for configuring and managing cloud environments, encrypting all data and properly inspecting encrypted data traffic, logging and monitoring access and traffic, monitoring and auditing all configurations and running regular vulnerability scans to identify weaknesses.
Furthermore, companies should implement security patches immediately, enforce zero trust security and secure all endpoints.
Also read: Zscaler introduces Zscaler Resilience for greater business continuity