Dive Brief:
- Companies miss 99% of infrastructure as a service (IaaS) misconfigurations, according to McAfee research, which surveyed 1,000 IT professionals about misconfigurations. The security firm also included analysis of its customers' IaaS environments.
- Contributing to the problem, only 26% of companies have tools required to properly audit IaaS configurations, McAfee found.
- Configuration becomes more complex as companies adopt multicloud environments. While three-quarters of respondents say they use multiple IaaS providers, in reality that number is 92%, according to McAfee.
Dive Insight:
The increased adoption of cloud technology is making it easier for configuration errors to creep in. Part of the concern is a disconnect between how many misconfiguration errors companies think they have and the reality.
In some cases, companies aren't even aware of the number of IaaS providers they have.
Survey respondents say they have 37 misconfiguration incidents in their IaaS environments every month, but McAfee data indicates that number is closer to 3,500. While 73% of those misconfigurations are eventually resolved, 27% remain vulnerable, according to the research.
While thousands of incidents seem glaring, 60% of respondents say misconfigurations are resolved within hours, according to McAfee. Just 2% of those surveyed say incidents are resolved "within months."
Cloud configuration errors have received much attention in recent months, as companies look to Capital One's data breach as an example of what can go wrong in an IaaS environment. Criticism arose about the company's cloud-first strategy, and many questioned the cloud's security.
Companies frequently miss misconfigurations, but it is not their burden to shoulder alone. In cloud environments, vendors follow a shared security model where customers are responsible for security "in" the cloud, while vendors ensure physical infrastructure remains secure.
But even Amazon Web Services has said it can do more. Following the Capital One incident, AWS says it is working to further support customer security by scanning customer builds for misconfigurations.