Risk in Cloud Computing Infrastructure: IaaS Research Study

By McAfee Cloud BU on Sep 24, 2019

Data breaches in the cloud don’t look like the on-premises breaches we’re used to, where malware infiltrates the network and reaches endpoint devices, siphoning out data to a command and control location. In the cloud, primarily within Infrastructure-as-a-Service (IaaS) environments, data theft often occurs using native functions of the cloud which are built and delivered to cloud customers as features, such as port configurations and access controls.

“A Cloud-Native Breach is a series of actions by an adversarial actor in which they ‘Land’ their attack by exploiting errors or vulnerabilities in a cloud deployment without using malware, ‘Expand’ their access through weakly configured or protected interfaces to locate valuable data, and ‘Exfiltrate’ that data to their own storage location.”

These Cloud-Native Breaches may not use malware, but their end result is the same, and often at a larger scale: millions of customer records exposed, tens of millions of citizens’ PII left open to the public. To understand the nature and impact of Cloud-Native Breaches on enterprises today, we conducted a study which compares the survey responses of 1,000 global enterprises with real-world, anonymized cloud event data.

Cloud-Native: IaaS Adoption and Risk Report

Through a comparison of 1,000 enterprise organizations surveyed worldwide and real-world cloud use, this report uncovers the rise of Cloud-Native Breaches, disconnect between security practitioners and their leadership, and the state of multicloud adoption.


Each stage in a Cloud-Native Breach ties back to a cloud customer’s responsibility for security, which includes the configuration of IaaS deployments. In our research, we found that only 26% of companies can currently audit their IaaS environments for configuration errors. “Misconfiguration” of IaaS often acts as the front door to a Cloud-Native Breach, allowing the attacker to successfully land and then move on to expand and exfiltrate data.

99% of misconfigurations go unnoticed in IaaS by cloud customers. Here’s an excerpt from this study showing the disconnect:

Figure 2: Please estimate how many IaaS misconfiguration incidents occur per month at your organization; occurrence of actual misconfiguration incidents. Known versus actual IaaS misconfiguration incidents per month: 37 known misconfigurations per month; 3500 actual misconfigurations per month.

With so few misconfigurations noticed in IaaS, and so few companies able to audit for them, doors are left open to data loss in the cloud. Companies need the ability to detect misconfigurations, ideally before they even go live in a production environment. In this study, we assess the risk in each stage of a Cloud-Native Breach, including misconfigurations, and provide recommendations to defend against them. Head over to the full report here. 

About the Author

McAfee Cloud BU
