McAfee: Enterprises Ripe for Cloud-Native Breaches
In their rush toward infrastructure-as-a-service (IaaS) adoption, many enterprise organizations are overlooking security weaknesses, leaving the door wide open for cloud-native breaches.
That’s according to McAfee’s new report, titled “Cloud-Native: The IaaS Adoption and Risk Report.” McAfee surveyed 1,000 enterprise organizations globally about security issues in IaaS, with a focus on misconfigurations, which in some cases have left millions of customer records and intellectual property open to theft.
McAfee also analyzed its own customers’ use of IaaS through event data across millions of cloud users and billions of events.
Daniel Flaherty, McAfee’s senior product marketing manager, tells us MSSPs have an opportunity to solve this challenge for their customers by first auditing IaaS environments on a continuous basis, and further working with the customer’s internal DevOps teams to implement the audit process as part of the deployment lifecycle before any IaaS resources go live.
“Once the baseline of configuration auditing is in place, MSSPs can expand along the attack chain of cloud-native breaches to implement behavioral-based threat detection in their customer’s environments, along with data loss prevention (DLP) for their storage objects and databases,” he said. “Overall this represents a growing market opportunity for MSSPs to meet the challenge of cloud-native breaches with up-to-date security practices for their customers as they increasingly shift infrastructure to the cloud.”
Ninety-nine percent of IaaS misconfigurations go unnoticed, indicating awareness around the most common entry point to new cloud-native breaches is extremely low, according to McAfee.
“Cloud-native breaches are not like the typical malware-based attacks of the past that rely on obscurity and evasion,” Flaherty said. “Instead, these new attacks capitalize on misconfigured, native features of the cloud exposed via internet-facing, well-defined APIs that work as advertised. Once exploited, adversaries can easily replicate these attacks across a broad customer base due to the multitenant nature of cloud deployments that share the common platform functions used to breach a single tenant.”
Other findings include:
- Ninety percent of companies have experienced some security issue in IaaS, misconfiguration or otherwise; yet, twice as many practitioners think they’ve never experienced an issue compared to their C-level leadership. Only 26% are equipped to audit for misconfigurations in IaaS, which likely accounts for the lack of visibility.
- Cloud data loss in IaaS is on the rise as incidents triggered by DLP rules in IaaS are up 248% year over year. Forty-two percent of the storage objects with DLP incidents were misconfigured.
- Keeping track of security incidents in IaaS is increasingly difficult given the ease with which developers can spin up new infrastructure, and this is made worse when organizations operate in multiple cloud service provider environments.
“As large organizations scale out their use of cloud infrastructure, the opportunity for misconfiguration increases,” Flaherty said. “Initial configurations which may have been secure to start, can ‘drift,’ meaning as settings are changed, misconfigurations can be introduced over time.”
The report highlighted a shift from organizations primarily using AWS to an increasingly balanced approach across multiple IaaS providers, which decreases the risk of dependence on one provider for issues like outage or failover, he said. As more organizations spread their deployments across multiple cloud providers, however, they need to ensure their security tools are also multicloud so they can maintain consistent visibility and control, he said.
“Seventy-six percent of respondents said they use multiple IaaS providers, yet data sourced from actual cloud usage shows 92% actually do,” Flaherty said. “Incidents will go under the radar if companies aren’t aware of where their infrastructure lives.”