According to a Cloud Security Alliance survey on cloud security issues, insufficient identity, credential, access and key management for privileged accounts is the top concern around cloud cybersecurity. Cloud Security Alliance is a not-for-profit that promotes best practices for cloud computing.
Top issues revealed:
- Insufficient Identity, Credential, Access, and Key Mgt, Privileged Accounts
- Insecure Interfaces and APIs
- Misconfiguration and Inadequate Change Control
- Lack of Cloud Security Architecture and Strategy
- Insecure Software Development
- Unsecure Third-Party Resources
- System Vulnerabilities
- Accidental Cloud Data Disclosure
- Misconfiguration and Exploitation of Serverless and Container Workloads
- Organized Crime, Hackers & APT
- Cloud Storage Data Exfiltration
Conclusions:
- Insufficient Identity, Credentials, Access, and Key Management holds the top spot
- Misconfiguration and Inadequate Change Control previously held the second spot
- Strategy and Architecture … held the third spot
There is no question there is a crisis in cloud administrative privileges. The Palo Alto Unit 42 survey showed that 99% of cloud administrative rights are overly permissive. And now we are seeing the results of these poorly managed resources – with ransomware and exfiltration attacks occurring daily – with the Shields Health Care Group just recently reporting a breach of 2 million records . The cloud is not a panacea – the concepts of least privilege (NIST 800-53 AC.6) must be adhered to in all resources – especially publicly accessible clouds.