Although the total number of IaaS cloud vulnerabilities is still small and the technology relatively young, volumes are increasing year-over-year at a steady rate, an expected to hit 50-percent growth by the end of 2019, Skybox reveals.
Key findings of the report include:
- Vulnerabilities affecting cloud IaaS solutions likely to increase 50% over 2018 figures
- Cloud container vulnerabilities have increased by 82% thus far in 2019
- Third-party cloud plugins and apps further expanding the attack surface
- Misconfigurations the greatest risk to cloud security
“Vulnerabilities within IaaS cloud solutions are naturally going to continue to climb as these services are more widely adopted,” said Skybox CTO Ron Davidson.
“Organizations would be wise not to be too distracted by this increase in vulnerability reports. The biggest cloud insecurities don’t exist within the service provider’s infrastructure itself, but in the way that companies implement and manage the technology.
“Without proper security considerations and oversight, misconfigurations and policy violations may abound. These process-related issues are hiding in plain sight within organizations — and they present the greatest risk.”
“Risks within cloud environments are difficult to manage in many organizations simply because the traditional tools, processes and teams are often ill-equipped to handle the volume and velocity of change in cloud environments,” said Amrit Williams, VP of products at Skybox.
“Handling the security and management of disparate infrastructures is incredibly complex, so many organizations are being forced to rethink how to maximize the effectiveness of their cloud deployments while maintaining efficiency.
“This report highlights the need for organizations to try and unify their methodologies across their hybrid infrastructure, while still understanding there are unique challenges with cloud.”