During one of my favorite scenes in Ocean’s Eleven, Saul Bloom asked Danny Ocean, "You expect us to just walk out the casino with millions of dollars on us?” Who responded with a simple, “Yeah.” It’s almost unbelievable and laughable at first, but, spoiler alert, Ocean and his ten accomplices were able to do just that.
Working in the cyber security industry for over 12 years now, I have seen my share of cyberattacks. Some that were simple and others that were on the same scale of sophistication as the Ocean’s Eleven heist. While Ocean and his team infiltrated the Bellagio’s vault for monetary gain, cyber attackers attempt to infiltrate corporate networks to steal sensitive data.
Today, we are announcing the formation of the RedLock Cloud Security Intelligence (CSI) team that comprises of a group of security analysts, data scientists, and data engineers who research cloud threats and advise on cloud security best practices. To-date, we have discovered 4.8 million exposed records containing sensitive data such as Protected Health Information (PHI) and Personally Identifiable Information (PII).
We captured some of our key findings in our first Cloud Infrastructure Security Trends report, and I wanted to share some of the statistics that we found to be very alarming.
"Insecure by Default" Invites Trouble
We found that 93% of resources in public cloud environments do not restrict outbound traffic at all which makes it easy for adversaries to exfiltrate data. This could largely be due to the fact that some cloud services allow all outbound traffic by default. Organizations should implement a “deny all” default outbound firewall policy.
Sensitive Data Left Exposed
Our team discovered that 82% of databases in public cloud computing environments were left unencrypted, which goes against the fundamentals of data security. At the very least, organizations should proactively implement continuous configuration monitoring to ensure that encryption is enabled.
Poor User Access Controls Create Risk
Surprisingly, 58% of root accounts did not have multi-factor authentication (MFA) enabled. If any root user account is compromised, malicious actors will have keys to the kingdom. By enforcing stringent access controls, which you can learn more about in the full report, you are taking the first step in preventing unauthorized access.
Lack of Visibility Creates Blind Spots
We uncovered over 285 Kubernetes dashboards deployed in public cloud computing environments did not have authentication enabled. This issue stems from the fact that users do not have the necessary visibility into the environment. We recommend that organizations invest in holistic visibility solutions.
These trends are worrisome and illustrate that a lot more progress needs to be made towards securing public cloud infrastructure. Cloud service providers are securing the physical infrastructure and providing capabilities for organizations to securely migrate resources to the public cloud. Unfortunately, organizations are struggling to secure their content, applications, systems, networks, and users that leverage the infrastructure. Our report provides 14 tips to help organizations fortify their public cloud computing environments.
View our complete findings by downloading the Cloud Infrastructure Security Trends report.