Data breaches in the cloud don’t look like the on-premises breaches we’re used to, where malware infiltrates the network and reaches endpoint devices, siphoning out data to a command and control location. In the cloud, primarily within Infrastructure-as-a-Service (IaaS) environments, data theft often occurs using native functions of the cloud which are built and delivered to cloud customers as features, such as port configurations and access controls.
“A Cloud-Native Breach is a series of actions by an adversarial actor in which they ‘Land’ their attack by exploiting errors or vulnerabilities in a cloud deployment without using malware, ‘Expand’ their access through weakly configured or protected interfaces to locate valuable data, and ‘Exfiltrate’ that data to their own storage location.”
These Cloud-Native Breaches may not use malware, but their end-result is the same, and often at a larger scale. Millions of customers records exposed. Tens of millions of citizen’s PII left open to the public. To understand the nature and impact of Cloud-Native Breaches on enterprises today, we conducted a study which compares the survey responses of 1,000 global enterprises with real-world, anonymized cloud event data.
Through a comparison of 1,000 enterprise organizations surveyed worldwide and real-world cloud use, this report uncovers the rise of Cloud-Native Breaches, disconnect between security practitioners and their leadership, and the state of multicloud adoption.
Each stage in a Cloud-Native Breach ties back to a cloud customer’s responsibility for security, which includes the configuration of IaaS deployments. In our research, we found that only 26% of companies can currently audit their IaaS environments for configuration errors. “Misconfiguration” of IaaS often acts as the front door to a Cloud-Native Breach, allowing the attacker to successfully land and then move on to expand and exfiltrate data.
99% of misconfigurations go unnoticed in IaaS by cloud customers. Here’s an excerpt from this study showing the disconnect:
With so few misconfigurations noticed in IaaS, and so few companies able to audit for them, doors are left open to data loss in the cloud. Companies need the ability to detect misconfigurations, ideally before they even go live in a production environment. In this study, we assess the risk in each stage of a Cloud-Native Breach, including misconfigurations, and provide recommendations to defend against them. Head over to the full report here.
About the Author
Categories: Cloud Security