Not Enough Visibility and Poor Access Management are Big Contributors to Cloud Data Breaches

More businesses today are working on their digital transformations and are using the versatility, scalability, and cost savings offered by public cloud spaces. However, the security of public clouds can pose a big challenge.

One of the primary issues that has hindered businesses from using the public cloud is security. Security teams frequently feel that securing an on-site data center is a lot easier than securing information in public clouds, though many are realizing it is also easy to secure public clouds.

Public cloud providers today give a variety of security tools that could help businesses protect their cloud spaces. Although these offerings could definitely make cloud security more straightforward, organizations must still make sure that their cloud services are configured properly, identities and access rights are properly managed, and they have total visibility into all of their cloud workloads.

Cloud security vendor Ermetic not long ago commissioned IDC to perform a survey of CISOs to look into the difficulties connected with cloud safety and see how companies were doing at protecting their public clouds. Over 300 CISOs and IT decision makers responded to the survey.

79% of survey respondents stated they had encountered a cloud data breach in the last 18 months. 43% of survey participants stated they had encountered 10+ cloud data breaches in the same period, firmly indicating the hard time companies are having when securing their public cloud environments.

When asked regarding the biggest security pitfalls, here are the results:

  • 67% stated they were worried about security misconfigurations
  • 64% stated not enough visibility into access configurations and activities was a crucial element contributing to cloud data breaches
  • 61% stated access management and permission errors were a big breach risk

The intricacy of public cloud environments makes security hard to deal with. The flexibility of the cloud implies it is simple to immediately have more options on demand, but what usually happens is cloud deployments turn into a maze of interconnected devices, users, programs, services, and containers. If companies do not have total visibility into their public cloud environments, it is hard to make certain of proper permissions and the principle of least privilege is properly applied.

Establishing and handling access policies is a big obstacle. Access policies must be altered regularly, yet 80% of survey respondents stated they couldn’t properly handle increased data access for IaaS and PaaS. Too Much permissions are typically abused by cybercriminals, who utilize them for various malicious activities like data theft, data deletion, and deploying malware or ransomware.

Ermetic explained that most high-profile cybersecurity occurrences in recent times were due to the failure of customers to correctly configure their cloud environments, or giving too much or incorrect access permissions to cloud services, instead of the cloud provider’ failure to perform its commitments.

Regarding questions on the main cloud security concerns, the survey result is as follows:

  • 78% of respondents stated compliance monitoring
  • 75% answered authorization and permission management
  • 73% stated security configuration management

71% of survey respondents answered one of the biggest issues was detection of excessive permissions, nevertheless, only 20% of respondents said they can identify circumstances when employees were given excessive permissions.

The survey verified that excessive permissions are a big issue in healthcare. 31.25% of healthcare companies stated they had determined a situation where employees were given excessive permissions.

There were a lot of cases where security misconfigurations caused the exposure of sensitive data, with misconfigured Elasticsearch cases and AWS S3 buckets a prevalent reason for data breaches, however it is likewise essential to make sure that identities and permissions are correctly managed.

Making sure that users, apps, and services get access only to the cloud information and cloud resources that are required for their valid purposes was reported as the greatest cloud data protection problem by respondents to the survey.