Unit 42 Cloud Security Trends and Tips

This post is also available in: 日本語 (Japanese)

The benefits for enterprises moving to the cloud are clear: greater flexibility, agility, scalability and cost savings. However, adopting public cloud infrastructure can also magnify security risks and compliance challenges. Today, we released the latest report from Unit 42, “Cloud Security Trends and Tips: Key Learning to Secure Your AWS, Azure and Google Cloud Environments.” In this report, Unit 42 looked at new and existing threats to cloud security from late-May through early-September 2018 and analyzed how enterprises are faring as they attempt to balance risk with efficiency.

Among other findings, the report shows:

• Account compromises are increasing in scale and velocity: Unit 42 research reveals 29% of organizations have potential account compromises, 27% allow root user activities, and 41% of access keys have not been rotated in the last 90 days. Credential compromises are becoming more commonplace, and organizations clearly need to enforce strong governance and access hygiene. Enterprises must operate under the assumption that account compromises are a possibility, and implement monitoring to detect and rapidly respond to suspicious user activities.

• Compliance is a work in progress: The numbers are undeniable: 32% of organizations publicly exposed at least one cloud storage service, 49% of databases are not encrypted, and 32% of GDPR compliance checks fail—a significant concern in today’s global operating environment. It’s long been known that risky resource configurations lead to high-profile breaches. There are signs of better protection of cloud storage services, but with the rise of sweeping regulations such as GDPR in Europe and California Consumer Privacy Act, many organizations still have much work to do before they achieve comprehensive compliance and governance across public cloud environments.

• Cryptojacking may be cooling: Unit 42 found that 11% of organizations experienced cryptojacking activity in their environments—a serious problem, but better than the 25% reported in May. More than a quarter (26%) don’t restrict outbound traffic at all, and 28% of databases receive inbound connections from the internet. It appears that the diminishing value of cryptocurrencies, along with better detection capabilities, is helping decrease cryptojacking attacks. This represents an opportunity to implement greater countermeasures before the next wave of attacks.

• A bright note in vulnerability management: Just as Spectre and Meltdown caused major business disruption earlier this year, the latest vulnerability affecting Intel processors (L1 Terminal Fault) and the remote code execution (RCE) flaw in Apache Struts 2 are generating headaches now: 23% of organizations have hosts missing critical patches in the cloud. Cloud service providers (CSPs) provide a first line of defense by updating their infrastructures and services, but customers have a role to play in identifying and patching vulnerable hosts—and that can’t be done with standalone vulnerability scanning tools that were not designed for cloud architectures.

• Containing the container model: There’s no question that container adoption is booming: one in three organizations use native or managed Kubernetes orchestration, and a quarter leverage managed services in the cloud such as Amazon Elastic Container Service for Kubernetes (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS). Such platforms make it easy for developers to deploy, manage and scale containerized applications. The Unit 42 report finds that 46% of organizations accept traffic to Kubernetes pods from any source, and 15% don’t use Identity and Access Management (IAM) policies to control access to Kubernetes instances. Organizations need to apply network policies that isolate the pods and enforce access control.

Download “Cloud Security Trends and Tips: Key Learning to Secure Your AWS, Azure and Google Cloud Environments” for more security trends and actionable recommendations to protect your cloud environment.