Companies detect only 1% of IaaS misconfiguration incidents


Thursday, 26 September, 2019
Companies detect only 1% of IaaS misconfiguration incidents

Ninety per cent of companies said they have experienced a security issue while using infrastructure-as-a-service (IaaS), but a new report shows they may not be aware of just how many issues they’re facing.

In fact, McAfee’s IaaS adoption and risk report showed that, of the remaining 10%, information technology (IT) decision-makers were twice as likely to say they hadn’t had any security issues as C-level leaders.

Additionally, only 1% of IaaS misconfiguration incidents were detected — so while companies reported 37 misconfiguration incidents per month, McAfee found they’re more likely to face 3500.

As a result and with IaaS rapidly growing, McAfee Senior Vice President of Cloud Security Rajiv Gupta is calling on companies to take more responsibility for their security.

“In the rush toward IaaS adoption, many organisations overlook the shared responsibility model for the cloud and assume that security is taken care of completely by the cloud provider,” Gupta said.

“However, the security of what customers put in the cloud — most importantly, sensitive data — is their responsibility. To defend against the new era of cloud-native breaches, organisations need to use security tools that are cloud-native, purpose-built for cloud security and address their portion of the shared responsibility model.”

IaaS breaches are different to malware incidents in that they leverage native features of cloud infrastructure — including configuration errors — to land the attack before expanding to adjacent cloud instances and exfiltrating sensitive data, McAfee explained.

Currently, only 26% of companies are equipped to audit IaaS configurations, which, McAfee believes, accounts for the lack of visibility.

Furthermore, while 76% of companies said they use multiple IaaS providers, cloud usage data showed that actually, 92% do.

McAfee said that it’s possible that the speed of cloud adoption is putting some security practitioners behind, leaving them without the tools they need to detect and stop cloud-native breaches.

The research “sheds light on the need for security tools to keep up with IaaS-native issues, especially the ability to continuously audit IaaS deployments for initial misconfiguration and configuration drift over time”, McAfee concluded.

Image credit: ©stock.adobe.com/au/Payette Media House

Related News

Zscaler launches Zero Trust Segmentation

Zscaler is taking a unique approach to protecting customers from the ransomware threat with its...

Akamai launches platform for building distributed apps

The new Akamai App Platform is designed to take some of the frustration and difficulty out of...

Nutanix expands collaboration with AWS

Nutanix will provide customers with the ability to run Nutanix Cloud Clusters on AWS as part of...

Content from other channels on our network

Powering data centres in the age of AI

Bringing geospatial tools to infrastructure planning

CICCADA project to analyse Australia's consumer energy

NSW EV charging network expands

When bus depots become energy hubs

Building secure AI: a critical guardrail for Australian policymakers

Streamlining ITSM does not require more staff: report

Shoalhaven City Council strengthens disaster recovery and security with Azure

DVA enlists TechnologyOne for digital transformation upgrade

Meeting modern citizens' needs with AI-powered government services

Communication interoperability is vital to silo-free public safety comms

Nokia selected to deploy 4G and 5G equipment in India

Optimising RF connector selection: technical considerations for signal integrity

Govt funds mobile coverage boost for regional Vic, NSW

ARCIA update: that's a wrap for 2024

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd