Why do cloud leaks keep happening? Because no one has a clue how their instances are configured
McAfee study finds poor setups, even worse visibility
The ongoing rash of data leaks caused by misconfigured clouds is the result of companies having virtually no visibility into how their cloud instances are configured, and very little ability to audit and manage them.
This less-than-sunny news comes courtesy of the team at McAfee, which said in its latest Infrastructure as a Service (IaaS) risk report that 99 per cent of exposed instances go unnoticed by the enterprises running them.
Such unsecured instances (usually storage buckets or databases left accessible to the general public) have been responsible for many of the largest data leaks in recent years after researchers or, in some cases, hackers, stumbled upon the exposed servers and made off with their contents.
McAfee's study, based on a sample of 1,000 enterprises in 11 countries as well as anonymized customer data, suggests that most businesses are woefully unaware of what data they have facing the internet.
Customers told the security house they had, on average, around 37 instances of misconfigured systems and folders arise per month. In reality, McAfee places this number closer to 3,500 incidents per month as databases, storage buckets and cloud servers are inadvertently left open or exposed by a vulnerable web application.
The problem, said McAfee, is that most enterprises have little way to actually see what is exposed and where. The study reckons just 26 per cent of the firms it polled have the ability to audit their cloud configurations.
Additionally, companies usually end up running a greater variety of services than execs and IT admins realise. Of those surveyed, 76 per cent thought they used multiple cloud vendors, when McAfee's study found the actual number was more like 92 per cent.
"It's possible the speed of cloud adoption is putting some practitioners behind," McAfee said in the paper.
"Infrastructure changes rapidly in the cloud, opening the door for mistakes as code is released in continuous integration/continuous delivery (CI/CD) practices."
While such findings are not particularly new (we have known for a while that most enterprises keep poor track of where their clouds are running and what data is being shared), the sheer number of companies vulnerable has to be more than a little alarming, especially after years of major incidents that collectively should have served as a wake-up call.
"We hypothesize that there is a practitioner-leadership disconnect at work here," McAfee added.
"Ninety per cent of companies told us they'd experienced some security issue in IaaS, misconfiguration or otherwise. But twice as many manager-level IT personnel, those closest to the IaaS environment, thought they'd never experienced an issue compared to their CISO, CTO, and CIO leadership."
As for what can be done, McAfee noted a number of strategies, including the regular use of auditing tools and security frameworks to make sure your cloud platforms aren't spitting out VMs with the wrong settings. ®