Watch out for these three risky behaviors to boost cloud security

Users of cloud computing resources have a tendency to make the same mistakes over and over again, with the vast majority — about 80% — of alerts seen by security teams triggered by a tiny 5% of security rules, the findings show. have been prescribed in a report compiled by Unit 42 Research Unit of Palo Alto Networks.

In Cloud threat report, navigating the growing attack surface – Seventh in an ongoing series – Unit 42 analyzed workloads drawn from 210,000 cloud accounts across 1,200 different organizations and investigated a number of real-world security incidents originating through cloud environments.

They found repeatedly that almost every organization had a small set of risky behaviors that were often seen in their cloud workloads. The most regularly observed of these were unrestricted firewall policies, exposed databases and unenforced multifactor authentication (MFA) policies – 76% of organizations do not enforce MFA for console users, the report said.

“all of [these] potentially generated by a different number of engineers and IaC [infrastructure-as-code] template,” wrote lead researcher Jay Chen and his team. “These issues vary from organization to organization, but the takeaway is the same for all of them — a small number of repeatable issues drive the largest percentage of problems.”

The team also found that it takes an average of 145 hours – about six days – to respond to a security alert, and 60% of organizations take more than four days to resolve a security alert. By prioritizing treatment of these three issues, security teams can not only help their organizations maximize the return on their security investment, but potentially eliminate many of their day-to-day headaches in one fell swoop.

“After two decades of rapid cloud adoption by organizations, 2023 can be considered a turning point for cloud security. The rate of cloud migration shows no signs of slowing down – to $370bn [£297.6bn] in 2021, with a forecast to reach $830bn [£667.6bn] In 2025 – many cloud-native applications and architectures have already had time to mature,” said Ankur Shah, senior vice president of Prisma Cloud at Palo Alto Networks.

“The dynamic nature of cloud technology – with feature updates in public cloud services, new attack methods and widespread use of open-source code – is now driving an awareness of the inherent risks of modern, cloud-native development. As more organizations As the adoption of cloud-native technologies increases, the number of cloud-native applications grows. The popularity and complexity of the technology then expands the attack surface with vulnerabilities and misconfigurations for cybercriminals to exploit,” he said.

While user-generated issues, including insecure configurations, remain the primary concern when it comes to cloud security, the Unit 42 team has also highlighted issues that arise from ready-to-use templates and default configurations offered by cloud service providers (CSPs). There are

He added that while these default options may seem convenient enough, they don’t do it lightly to “position users to the most secure initial state.”

latest version of cloud threat report Highlights the use of open source software and components as one of the driving forces behind the cloud revolution and how this trend has increased risk by introducing greater complexity, depreciated or abandoned software, malicious content and slower patching cycles The possibility of such problems increases. , all increasing the pressure on organizational security.