Over 70 percent of companies using AWS have serious security misconfigurations
A high percentage of companies using AWS cloud services have at least one critical security misconfiguration according to a new survey.
Cloud security company Threat Stack has analyzed more than 200 companies using AWS and found a number of well-documented security misconfigurations.
Among the most serious are AWS Security Groups configured to leave SSH wide open to the internet in 73 percent of the companies analyzed. This simple configuration error allows an attacker to attempt remote server access from anywhere, rendering traditional network controls like VPN and firewalls ineffective. Threat Stack also observed SSH traffic from the internet using the root account, which could have severe security repercussions.
Among other problems are that 62 percent of companies analyzed are not requiring multi-factor authentication for AWS users, making brute force attacks much simpler. Even AWS-native security services, such as CloudTrail, are not being deployed universally (27 percent) across all regions.
While these cloud security best practices are relatively simple to fix, Threat Stack also identified a more complex concern. Data collected by the company going back to September of 2016 shows that fewer than 13 percent of the companies analyzed are keeping software updates current. In addition the majority of these unpatched systems are kept online indefinitely, some for more than three years.
"The most surprising part of these findings is that, for all the money that sophisticated enterprises spend on advanced security, a majority aren't even taking full advantage of the basic security tools available to them as AWS users," says Sam Bisbee, CTO, Threat Stack. "Despite years of education from AWS and their technology partners in the industry, not to mention the prevalence of automated security checks, a majority of users are still not configuring their cloud environments securely. Hopefully, this data will serve as a wakeup call."