43 percent of cloud identities are abandoned and unused
A new analysis of platforms including AWS, Google and Salesforce, involving 200,000 identities and hundreds of millions of cloud assets reveals that 43 percent of all cloud identities sit abandoned and unused.
The report from Varonis points out that this also means they are exposed and vulnerable, making an organization a target for account takeovers.
Three out of four cloud identities belonging to external contractors, for example, remain active after they leave the organization, which means they can continue to access -- and potentially steal -- IP and data.
In addition one in four cloud identities are non-human. These include APIs, serverless applications, virtual machines, and so on. Unlike human identities, they are under threat of compromise 24x7 because they are always logged in and are typically overlooked by security teams since they
operate in the background.
Misconfigured privileges are a problem too, with 43 percent of users having more access than they need. Three out of five have admin level privileges.
Some employees are also engaged in high risk activities, with 15 percent transferring business critical data to their personal cloud accounts. 16 percent perform privileged activities and 20 percent of these have access to sensitive data.
You can find out more on the Varonis site.