"Aqua Security Researchers Discover 90% of Companies Are Vulnerable to Security Breaches Due to Cloud Misconfigurations"
Aqua Security has published new research from Team Nautilus, revealing that most companies that have transitioned to multi-cloud environments are failing to configure their cloud-based services properly. Findings from Aqua's "2021 Cloud Security Report: Cloud Configuration Risks Exposed" bring further attention to the threat that these misconfigurations pose to the security of organizations. For example, improperly configured blog or bucket storage can open companies up to major security breaches, resource hijacking, denial-of-service (DoS) attacks, and other severe cyber risks. Aqua's research team examined anonymized cloud infrastructure data from hundreds of organizations in a 12-month period. They divided users into two groups based on the volume of cloud resources they scanned. One group consisted of SMBs (small and medium-sized businesses), which scanned between one and several hundred resources. The other group was composed of enterprise users who scanned from several hundred up to a few hundred thousand distinct resources. Less than 1 percent of enterprise organizations fixed all detected issues, while less than 8 percent of SMBs fixed all the issues they detected. Over half of all organizations receive alerts about misconfigured services with open ports. However, only 68 percent of the organizations fixed these issues, taking an average of 24 days to address them. It was also discovered that over 40 percent of users had at least one misconfigured Docker API, with the average number of days to remediate being 60. This article continues to discuss findings from research conducted by Team Nautilus regarding most organizations' failure to fix cloud misconfiguration issues promptly.