Most enterprises highly vulnerable to security events caused by cloud misconfiguration
Fugue released the results of its Cloud Infrastructure Misconfiguration Report. The survey of more than 300 IT professionals revealed that most enterprises are highly vulnerable to security events caused by cloud misconfiguration. Critical data breaches and system downtime events were among the many reported negative outcomes of misconfiguration.
Misconfiguration can occur for a variety of reasons
The key finding: while 92 percent of IT and security professionals reported concerns about security risks due to misconfiguration, fewer than a third are continuously monitoring for misconfiguration. And while 82 percent reported security and compliance incidents due to cloud infrastructure misconfiguration, few enterprises have automated remediation processes that can prevent them.
“Our goal with this survey was to identify what actually matters to enterprises with regard to cloud misconfiguration, particularly when it comes to security, compliance and their bottom line,” said Phillip Merrick, CEO of Fugue. “While there are many high-profile cases of data breaches due to misconfiguration, there has been little information available regarding the frequency, the causes and the costs enterprises incur in an attempt to manage them and mitigate the risk they bring.”
Concern is high but continuous monitoring is low
Just about every company surveyed registered concern about cloud misconfiguration, with 46 percent saying they were “highly concerned” and 46 percent being “somewhat concerned.” This level of concern has not yet translated into action, with only 28 percent reporting that they continuously monitor misconfiguration alerts.
While 51 percent of teams report a frequency of 50 or more misconfigurations daily, half of the teams surveyed only review alerts and remediate issues on a daily – or even longer – timeframe, leading to dangerously long infrastructure vulnerability periods. Very few believe their Mean Time to Remediation (MTTR) for cloud misconfigurations is where it should be to keep infrastructure secure and compliant.
Cloud misconfiguration leads to major security problems
When asked if their organization had experienced security, compliance or operational issues resulting from a cloud misconfiguration, respondents reported a variety of negative events. Specifically:
- Critical data breaches: 27 percent
- Object storage breaches: 34 percent
- Unauthorized traffic to a virtual server instance: 36 percent
- Unauthorized access to a database service: 34 percent
- Unauthorized user logins: 29 percent
- Unauthorized API calls: 28 percent
- System downtime events: 44 percent
Common types of misconfiguration
Managing cloud misconfiguration has a high cost
While the risk due to cloud misconfiguration is great, the burden of managing it soaks up valuable time and resources. The survey asked respondents to estimate how much time their teams devoted each week to managing misconfiguration, specifically on tasks such as reviewing alerts, identifying critical issues, remediating, producing reports, and auditing. Just under half reported spending from 50 to 500 (or more) hours of dedicated time.
Among the top causes of cloud misconfiguration cited were human error (64 percent), lack of policy awareness (54 percent), and challenges in governing multiple interfaces to cloud APIs (47 percent). And, while teams are often devoting the equivalent of at least one full-time engineer to managing cloud misconfiguration, 68 percent report delays in remediating critical issues, and 79 percent report that critical misconfiguration events are still being missed.