Businesses are neglecting cloud security policies and leaving themselves open to exposure from vulnerabilities, according to recent research.

RedLock’s “Cloud Security Trends” report suggested that enterprise information leaks are rising due to slack vulnerability management, limited compliance with standards and unintentionally exposed databases. The researchers revealed that 38 percent of businesses have users whose accounts might have been compromised.

This research provides further evidence that cloud threats are top of mind in the digital age. IT and line-of-business managers should take note of the research and find ways to address the outlined concerns.

Lack of Compliance Increases Risk of Compromise

According to the study, which analyzed threats to RedLock customer environments as well as public cloud vulnerabilities between June and September 2017, the number of data exposures are increasing due to a lack of security policies.

More than half (53 percent) of businesses using cloud storage have unintentionally exposed one or more of these services to the public. This figure has risen significantly since the last survey in May, when it stood at 40 percent.

Meanwhile, 81 percent of businesses do not manage host vulnerabilities in the cloud. While firms are spending more on vulnerability scanning systems, they are also struggling to map the data they receive to the context of use. Since IP addresses constantly change in the cloud, businesses could find themselves open to compromise.

Such findings prompted the researchers to measure business compliance against industry standards. RedLock found that 45 percent of firms fail checks by the Center for Internet Security (CIS), with 46 percent of contraventions considered “high severity.” Almost half of companies failed Payment Card Industry (PCI) checks, with 19 percent of violations seen as high-severity issues.

Poor Security Policies Cause Problems

Poor security practices also extend to database management. More than one-third of databases accept inbound connection requests directly from the internet, and 7 percent of these databases take requests from suspect IP addresses. Since almost two-thirds of databases are not encrypted, researchers believe the risk of exposure is high.

The survey reported that 250 organizations, including blue-chip businesses, are leaking cloud computing access keys to internet-facing web servers. Researchers discovered that hundreds of companies are revealing sensitive details through misconfigured services, such as the open source deployment systems Kubernetes and Jenkins.

Researchers attributed this errant account activity to a broad range of issues, most notably users who change their activities, which accounts for 89 percent of compromises.

Managing the Cloud Security Conundrum

Cloud security remains a key concern for IT managers and business users. Earlier research from the Cloud Security Alliance found that 73 percent of executives have serious concerns that are holding their organizations back from adopting cloud computing. Experts have also suggested that cloud security risks are complex because multiple third parties typically have their hands in an organization’s data.

When it comes to reducing the risk of data exposure, RedLock suggested several best practices, including automatically discovering resources as they are created in the cloud, monitoring configurations to ensure they adhere to industry standards and considering auto-remediation workflows to resolve issues quickly.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…