The Orca Security 2020 State of Public Cloud Security Report found that as organizations across industries rapidly deploy more assets in the public cloud with Amazon, Microsoft, and Google, they are leaving numerous paths open for exploitation. Cloud estates are being breached through their weakest links of neglected internet-facing workloads, widespread authentication issues, discoverable secrets and credentials, and misconfigured storage buckets.
While public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) keep their platforms secure, customers are still responsible for securing the workloads, data, and processes they run inside the cloud – just as they do in their on-prem world. Such shared responsibility poses a serious challenge due to the speed and frequency of public cloud deployments.
For most organizations, cloud workload security is dependent upon the installation and maintenance of security agents across all assets. However, IT security teams are not always informed of cloud deployments, so this lack of visibility results in missed vulnerabilities and attack vectors.
While organizations must secure their entire estate, attackers only need to find a single weak link to exploit,” said Avi Shua, Orca Security CEO and co-founder. “It’s imperative for organizations to have 100 percent public cloud visibility and know about all neglected assets, weak passwords, authentication issues, and misconfigurations to prioritize and fix. The Orca Security 2020 State of Public Cloud Security Report shows how just one gap in cloud coverage can lead to devastating data breaches.”
Top report findings include:
Neglected Internet-Facing Workloads
Attackers look for vulnerable frontline workloads to gain entrance to cloud accounts and expand laterally within the environment. While security teams need to secure all public cloud assets, attackers only need to find one weak link.
- The study found more than 80 percent of organizations have at least one neglected, internet-facing workload – meaning it’s running on an unsupported operating system or has remained unpatched for 180 days or more
- Meanwhile, 60 percent have at least one neglected internet-facing workload that has reached its end of life and is no longer supported by manufacturer security updates
- 49 percent of organizations have at least one publicly accessible, unpatched web server despite increased awareness of how that can result in large data breaches (e.g., Equifax in 2017)
Authentication and Credential Issues
Weak security authentication is another way that attackers breach public cloud environments. The Orca Security study found that authentication and password storage issues are commonplace.
- Almost half the organizations (44 percent) have internet-facing workloads containing secrets and credentials that include clear-text passwords, API keys, and hashed passwords that allow lateral movement across their environment
- Meanwhile, 24 percent have at least one cloud account that doesn’t use multi-factor authentication for the super admin user; 19 percent have cloud assets accessible via non-corporate credentials
- Additionally, five percent have cloud workloads that are accessible using either a weak or leaked password
Lateral Movement Risk
All weak links combine to pose serious cloud security and lateral movement attack risk for any organization. Attackers also take advantage of knowing that internal servers are less protected than external internet-facing servers and that they can expand rapidly in search of critical data once inside a cloud estate.
- The security posture of internal machines is much worse than internet-facing servers, with 77 percent of organizations having at least 10 percent of their internal workloads in a neglected security state
- Additionally, six percent of internet-facing assets contain SSH keys that could be used to access adjacent systems
Report Resources Now Available:
About the Orca Security 2020 State of Public Cloud Security Report
Orca Security’s 2020 State of Public Cloud Security Report analyzed data from more than two million scans of 300,000 public cloud assets running on AWS, Azure, and GCP. Scanned accounts represented Orca’s customer base across numerous industries including financial services, professional services, travel, cloud computing, online marketplaces, entertainment, real estate, and more. The public cloud scans ran from November 6, 2019, to June 4, 2020.
About Orca Security
Orca Security is the cloud security innovation leader, providing instant-on, workload-level security and visibility into AWS, Azure, and GCP － without the gaps in coverage and operational costs of agents.
Delivered as SaaS, Orca Security’s patent-pending SideScanning™ technology reads your cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII.
Orca Security deploys in minutes – not months – because no opcode runs within your cloud environment. With Orca, there are no overlooked assets, no DevOps headaches, and no performance hits on live environments.
And unlike legacy tools that operate in silos, Orca treats your cloud as an interconnected web of assets, prioritizing risk based on environmental context. This does away with thousands of meaningless security alerts to provide just the critical few that matter, along with their precise path to remediation.
Connect your first cloud account in minutes and see for yourself. Visit orca.security.