Enterprises Using IaaS or PaaS Have 14 Misconfigured Instances on Average, Cloud Adoption Study Finds

November 12, 2018 @ 8:30 AM
| |
< 1 min read

Enterprises using infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) solutions have 14 misconfigured instances on average running at a given time.

A recent cloud adoption study by McAfee found that organizations have increased their usage of the cloud over time. The average number of cloud services in use per company grew from 1,682 in 2017 to 1,935 a year later. This growth was evident in both the number of enterprise cloud apps and consumer cloud apps.

But while organizations are increasingly turning to the cloud to satisfy their business needs, they aren’t taking the necessary steps to safeguard their cloud-based assets, the researchers observed. According to the report, some of the most common oversights involved inactive data encryption and unrestricted outbound access.

How Do Cloud Misconfigurations Put Data at Risk?

Cloud misconfigurations directly jeopardize organizations’ data. McAfee customers who turn on data loss prevention (DLP) discovered an average of 1,527 DLP incidents in their IaaS or PaaS storage per month. Overall, 27 percent of organizations using PaaS experienced a data theft incident affecting their cloud infrastructure.

Part of the problem is that no two cloud service providers (CSPs) offer the same security controls. Some CSPs even lack some of the most basic security measures. Just 8 percent of providers encrypted stored data at rest, for instance, while only 19.2 percent supported multifactor authentication (MFA).

How to Cope With Increasing Cloud Adoption

Security professionals can help their organizations stay protected amid increasing cloud adoption by embedding corporate security policies into contracts with CSPs. They should also consider conducting regular penetration tests to map their environments for vulnerabilities.

Sources: McAfee

David Bisson
Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...
read more