Over 98 percent of organizations have misconfigured clouds
According to a new report, 98.6 percent of organizations have concerning misconfigurations in their cloud environments that can cause critical risks to their data and infrastructure.
The research from Zscaler finds cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, and more, have led to the exposure of billions of records.
The problem is made more acute by the fact that 55.1 percent of organizations are using more than a single cloud provider and 66.7 percent of organizations have public cloud storage buckets.
There are issues surrounding access to systems, 97.1 percent of organizations that use privileged user access controls without multi-factor authentication enabled have compromised accounts. With around 25 percent of breaches being initiated by a phishing attack, and the sophistication of these scams growing harder to detect, it is critical for organizations to ramp up access controls.
These risks extend to the supply chain, 68 percent of organizations have external users with admin permissions to their cloud environment. And 75.4 percent of organizations with AWS accounts for external identities -- including managing contractors and integrations -- do not apply strict access controls to limit the permissions and activities that these admin/super user-level accounts can perform.
Additionally, 59.4 percent of organizations do not apply basic ransomware controls for cloud storage like MFA Delete and versioning. While 17.4 percent of organizations are running workloads on vulnerable virtual machine compute instances exposed to the internet that could lead to critical data leaks.
You can read more about the report on the Zscaler blog.
Image credit: Wavebreakmedia/depositphotos.com