A majority of IT decision makers (95 per cent) regard cloud misconfiguration as a data security risk, potentially leading to compliance problems and obstructing digital transformation, according to a new study from Trend Micro, a global leader in cybersecurity solutions.
Trend Micro commissioned new independent research to shed light on cloud security challenges facing UK organisations. The resulting Cloud Security Index is designed to help IT leaders compare their cloud posture to that of their peers across key areas such as adoption barriers, operational challenges, and emerging technologies.
Of the vast majority highlighting the risk of misconfigurations in the cloud, two-fifths (41 per cent) labelled it a great risk, rising to 52 per cent for those in administrative or technical roles, and 57 per cent for those working in B2C settings, where mistakes could lead to serious breaches of customer data.
Cloud configuration errors can take many forms, but most commonly mean an unencrypted data store is left exposed to the public internet without any form of authentication required to access it. Other common mistakes involve exposing data to all global users of the same cloud platform, leaving encryption keys and passwords in open repositories, and failing to enable logging and monitoring of security events.
Numerous big-name organisations have been found wanting in this area, including technology companies and government agencies. Cyber-criminals are increasingly searching for exposed systems, either to steal and ransom data, install malicious digital skimming code onto websites, or other ends.
“From Capital One to the US government, the list of serious data leaks and breaches via misconfigured cloud systems is growing by the second,” Bharat Mistry, principal security strategist at Trend Micro, said. “We detect 230 million of these errors every single day.
“This tells us something important: organisations are struggling to find the in-house skills needed to keep pace with their complex hybrid- and multi-cloud deployments. With just a few clicks of a mouse potentially exposing highly sensitive and regulated data, CISOs need to consider investments such as cloud security posture management to tackle escalating risk.”
The research also revealed that nearly two-thirds (62 per cent) of UK IT leaders are extremely or very concerned about the legal and regulatory compliance implications of cloud threats like misconfiguration, while over a quarter (27 per cent) have experience an incident over the past year.