The expansion of AWS services has led to increased complexity, with the result that 100% of companies surveyed for a report released Wednesday by Vectra have experienced at least one security incident in their public cloud environment.
The survey also found that 30% of respondents have no formal sign-off before pushing to production, 40% say they do not have a DevSecOps workflow, and 71% say that 10 or more people can modify the entire infrastructure in their AWS environments, creating numerous attack vectors for hackers.
On the plus side, as companies continue digital transformation efforts, the Vectra study found that AWS has become an even more critical component to organizations. The survey also found:
- 64% of DevOps respondents deploy new workload services weekly or even more frequently.
- 78% of organizations run AWS across multiple regions.
- 71% say that they use more than four AWS services, such as S3, EC2, and IAM.
Many IT decision makers are in the early stages of their cloud journey, as evidenced by the findings that most aren’t following general cloud security best practices, said Sri Sundaralingam, vice president of cloud and security solutions at ExtraHop. However, our futures are in the cloud, and we need to start educating now about the role network security can play in an organization’s overall cloud security posture, he said.
“The network is the ultimate behavioral authority, representing an empirical source of behavioral evidence for the enterprise,” said Sundaralingam. “Tapping the network can provide packet-level visibility into cloud networks to track both north-south and east-west movement for incident response, situational awareness for emerging threats, and monitoring of intellectual property for privilege escalations and exfiltration of data. With most threats dwelling for 56 days before being flagged, teams need access to the data and tools to dig forensically into a threat and assess exposure, damage, and risk no matter what.”
Dirk Schrader, global vice president for security research at New Net Technologies, now a part of Netwrix, added that the ubiquitous use of public cloud environments has led to security risks because there’s a lack of diligence in configuring them properly. Schrader said cloud customers are enticed to use more, and the ease of spinning up another instance generates a false sense where the customer leaves the responsibility for their security with the cloud provider.
“But Google, AWS, and Azure all reject that responsibility for any misconfiguration done by the user,” Schrader explained. “Technical controls supporting configuration hardening for an instance which also monitors the orchestration of instances needs to be considered by companies relying heavily on PaaS and IaaS in order to eliminate blind spots.”