Misconfiguration is biggest risk to cloud environments

A new report from Trend Micro reaffirms that misconfigurations are the primary cause of cloud security issues, finding risk to be prevalent and widespread amid a daily average of 230 million misconfigurations.

“Cloud-based operations have become the rule rather than the exception, and cybercriminals have adapted to capitalise on misconfigured or mismanaged cloud environments,” said Greg Young, VP of cybersecurity for Trend Micro.

“We believe migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints,” said Young. “However, that can only happen if organisations follow the shared responsibility model for cloud security. Taking ownership of cloud data is paramount to its protection, and we’re here to help businesses succeed in that process.”

The research found threats and security weaknesses in several key areas of cloud-based computing, which can put credentials and company secrets at risk.

Criminals that capitalise on misconfigurations have targeted companies with ransomware, cryptomining, e-skimming and data exfiltration.

Misleading online tutorials compounded the risk for some businesses leading to mismanaged cloud credentials and certificates. IT teams can take advantage of cloud native tools to help mitigate these risks, but they should not rely solely on these tools, the report concludes.

Trend Micro recommends several best practices to help secure cloud deployments —restricting access to only those who need it, customers must realise their responsibility for securing their own data, monitor for misconfigured and exposed systems, and integrate security into DevOps culture.