Cloud security: a catastrophic situation according to McAfee
Cloud security is simply catastrophic, as most companies misconfigure the IaaS and PaaS services they use. This is revealed by a very disturbing study published by McAfee.
More and more companies are adopting Cloud services, and the market is growing at a breakneck pace. Unfortunately, cloud security practices have not kept pace. This is revealed by a frightening report published by McAfee following the analysis of 30 million events recorded on its own services.
The study shows that most companies do not keep enough records of the cloud services they use. Therefore, they are not able to secure them properly . Thus, an average company uses 1900 Cloud instances. However, most of the organizations interviewed by McAfee believe that they only use around 30!
This neglect explains why the average enterprise has around 14 poorly configured IaaS (infrastructure as a service) instances running at all times. The PaaS (platform as a service) are also involved .
Cloud security: most companies misconfigure their IaaS and PaaS
One of the platforms most affected by this issue is also one of the most popular: Amazon AWS S3. About 5.5% of AWS S3 storage instances are configured as “world read” , which means that anyone can access their content provided they know the address of the S3 bucket. We can better understand the large number of data leaks stored on AWS S3 .
Personal accounts are also woefully insecure. Thus, still according to McAfee, 92% of companies have at least one identifier for sale on the cybercrime market . Events involving a compromised account or an internal threat have increased by 28% in one year, and 80% of companies will have to face at least one threat linked to a compromised Cloud account during this month.
McAfee provides simple advice to correct this critical situation. The firm recommends that companies conduct an audit of the configuration of the Cloud services they use, and map where their sensitive data is stored. The next step is to properly configure and control access to this data.