Dive Brief:
- A review of "hundreds" of cloud deployments from customers and community showed 93% of reviewed infrastructure had misconfigured cloud storage services, according to a report from Accurics released Tuesday.
- The majority of deployments had "at least one network exposure where a security group was left wide open." Combined, misconfigurations and open security groups have led to 200 breaches in the past two years, according to the company.
- Hardcoded private keys were found in 72% of deployments, according to the report. Half of analyzed deployments kept unprotected credentials in container configuration files.
Dive Insight:
The impact of misconfigurations in enterprise cloud deployments can potentially spread beyond organizations and reach their clients and stakeholders. Companies hold treasure troves of user information, and malicious actors can exploit the flaws in order to extract the data.
These types of cybersecurity flaws led to one of the largest data breaches the financial sector saw last year: the Capital One breach. A firewall misconfiguration allowed a malicious actor to reach company data, which was hosted on Amazon Web Services, according to the Department of Justice.
The breach impacted data from 106 million individuals in the U.S. and Canada, including their credit scores and payment history.
Widespread misconfiguration in cloud deployments can be traced back to the beginning of cloud. When many companies began their cloud journey, deployment automation technology wasn't widely available, said Om Moolchandani, co-founder and CTO at Accurics.
"What used to happen is that a lot of cloud deployments were made using custom scripts or they were probably done by hand," said Moolchandani. As companies needed to perform changes to the cloud, the changes were made directly in the cloud, which introduced risk and misconfigurations.
"There was no way to detect misconfiguration before," said Moolchandani. With the invention, and increased adoption, of infrastructure as code (IaC), "that possibility has become a reality," allowing some teams to spot and fix errors before the deployment is up and running.
To combat misconfigurations in the near future, companies can look to the connection between DevOps practices and security. "Security can be given to the DevOps teams using DevOps process, without introducing new friction points."
Companies that adopt DevSecOps practices can resolve a flaw 12 times faster than a traditional organization, according to a report from Veracode.