According to new research by Palo Alto Networks, cloud misconfigurations often occur due to poor ‘security hygiene’.
Specifically, the research states that companies are automating the building process of cloud infrastructure, resulting in new ‘infrastructure as code’ (IaC) templates. However, the accelerated adoption happens ‘without the help of the right security tools and processes’, says Palo Alto Networks. As a result, there are many vulnerabilities in the infrastructure.
The security specialists at Palo Alto Networks, however, indicate that IaC brings many benefits to security teams when they deal with it properly. For example, companies could build in security at an early stage, during the development process. In theory, the security of the cloud infrastructure can, therefore, be raised to a higher level.
However, the research shows that companies use more than 199,000 unsafe templates. Palo Alto Networks classifies vulnerabilities from medium to high level. Previously, the security company discovered that 65 percent of the cloud incidents were caused by misconfigurations; now the cause behind this is becoming more transparent.
The study also shows that 43 percent of cloud databases are not encrypted, noting at the same time that it is a way of protecting data and complying with legislation and regulations. Also, 60 percent of cloud storage services have logging disabled. This while logging is crucial in determining the extent of the damage of a cloud incident, Palo Alto Networks says.
Other studies also show that maintaining IT hygiene is a challenge for businesses. For example, a recent Tanium report found that 67 percent of IT leaders in enterprise organisations find collaboration between security teams and IT Ops teams a major challenge.