Fugue, the company responsible for the automation of compliance and security within cloud services released a report on the 5th of October 2018 which found out that the vast majority of IT Enterprises are vulnerable to cloud-based security risks due to misconfiguration of their cloud servers.
Critical Data Breaches and Downtimes are reported results of the misconfiguration. This report also coincides with one our previously published analysis on Cloud Fraudulent.
Fugue Survey Finds Majority Of Enterprises Vulnerable To Cloud Security Risks
The report also reveals that while 92% of IT Professionals are concerned about cloud misconfiguration and the related security risks, less than 30% of the population is actually working on repairing any misconfigurations in their cloud services.
And while 82 per cent reported security and compliance incidents due to cloud infrastructure misconfiguration, few enterprises have automated remediation processes that can prevent them.
Our goal with this survey was to identify what actually matters to enterprises with regard to cloud misconfiguration, particularly when it comes to security, compliance and their bottom line
– Phillip Merrick, CEO of Fugue
Among all the 300 companies which the survey analysed, 92% of the companies were aware of the risks of misconfiguration of cloud services, while 46% were highly concerned about it and 46% stating that they were somewhat concerned about the incident.
Only 21% of these teams actively monitor their cloud misconfigurations daily despite 51% of companies reporting daily misconfigurations and failures arising from those misconfigurations.
This revealed very long times of infrastructure vulnerability for most companies and that most companies don’t believe that their Mean Time to Remediation is where it is supposed to be to keep their service compliant and secure.
The reported results of cloud security breaches revealed that enterprises faced:
- Critical Data Breaches 27% of the time
- Object Storage Breaches 34% of the time
- Unauthorized Traffic 34% of the time
- Unauthorized Access 37% of the times
- Unauthorized Logins 29% of the time
- Unauthorized API Calls 27% of the time
- and System Downtime Events 34% of the time every time there was a failure resulting from cloud service misconfiguration.
Automated prevention allows organizations to move fast on a cloud while staying secure and in compliance.
– Drew Wright, Co-Founder and VP of Communications at Fugue
Among the top causes of cloud misconfiguration cited were human error (64%), lack of policy awareness (54%), and challenges in governing multiple interfaces to cloud APIs (47%).
And, while teams are often devoting the equivalent of at least one full-time engineer to managing cloud misconfiguration, 68 per cent report delays in remediation critical issues, and 79 per cent report that critical misconfiguration events are still being missed.