Identity and access management a major concern for cloud deployments
According to a new report, 71.5 percent of violations on AWS occur around identity and access management (IAM).
The study from cloud security company Netskope analyzed the Center for Internet Security's Benchmarks for AWS. Many of the IAM violations found involve instance rules, role-based access controls, and access to resources or password policy requirements -- things that enterprises can easily address even without an external security solution.
Additional benchmark violations were found in monitoring (19 percent), networking (5.9 percent) and logging (3.6 percent).
Looking at data loss prevention (DLP) violations, uploads make up the majority with 55.3 percent, followed by downloads (32.4 percent), and sending (11.2 percent). The report also looks at I/PaaS DLP violations as a separate category to understand the areas and activities in which security teams are focusing their DLP policies. Looked at from this angle, download and upload are still the activities that account for most violations, at 64.1 percent and 35.7 percent, respectively.
"As organizations increasingly adopt a multi-cloud approach, IT teams must continuously assess the security of their public cloud infrastructure and be aware of the data moving in and out of those services," says Sanjay Beri, founder and CEO of Netskope. "Enterprises should consider using the same security profiles, policies and controls across all services -- SaaS, IaaS, and web -- in order to reduce overhead and complexity as the use of cloud services scales."
The study also reveals that this quarter, the average number of cloud services per enterprise increased by 5.5 percent to 1,246, compared to 1,181 in the February 2018 report. The vast majority, 92.7 percent of these services, are not enterprise-ready, earning a rating of 'medium' or below in the Netskope Cloud Confidence Index.
You can find out more in the full Netskope Cloud Report, available from the company’s website.