A large number of companies are still failing to take key safety precautions to protect their business when working in the cloud, a new study has claimed.
Research by RedLock found many known vulnerabilities are being neglected because organisations are unable to adapt their existing threat management solutions to the cloud, as these tools lack the appropriate context on this constantly changing resource. More than four-fifths of businesses (81 per cent) are also not managing host vulnerabilities in the cloud, which opens the organisation up to potential attacks or breaches.
The study also noted that failing to adhere to established best practices is another common reason why cloud data breaches will continue to rise. For example, more than half (53 per cent) of companies that use cloud storage services such as Amazon S3 have inadvertently exposed one or more of these services to the public. This is up from 40 per cent when a similar study was conducted in May.
Gaurav Kumar, chief technology officer at RedLock and head of the firm's Cloud Security Intelligence team, said: "Organisations are still falling behind in effectively protecting their public cloud computing environments.
"The threats are real and cybercriminals are actively targeting information left unsecured in the public cloud. It's imperative for every organisation to develop an effective and holistic strategy now to protect their public cloud computing environment."
Other findings from the study revealed that many risky users could be going unnoticed, as nearly two out of five organisation (38 per cent) may have had administrative user accounts for their public cloud services compromised. This could allow malicious actors to access these environments, potentially causing "tremendous damage" to a company's operations.
Meanwhile, malicious network activity in cloud environments is also widespread, and many of these are not being effectively identified or blocked early enough. For instance, 37 per cent of databases were found to accept inbound connection requests from the internet, with seven per cent of these receiving requests from suspicious IP addresses, indicating they have been compromised.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.