According to a Cloud Security Alliance survey on cloud security issues, insufficient identity, credential, access and key management for privileged accounts is the top concern around cloud cybersecurity. Cloud Security Alliance is a not-for-profit that promotes best practices for cloud computing.

Top issues revealed:

  1. Insufficient Identity, Credential, Access, and Key Mgt, Privileged Accounts
  2. Insecure Interfaces and APIs
  3. Misconfiguration and Inadequate Change Control
  4. Lack of Cloud Security Architecture and Strategy
  5. Insecure Software Development
  6. Unsecure Third-Party Resources
  7. System Vulnerabilities
  8. Accidental Cloud Data Disclosure
  9. Misconfiguration and Exploitation of Serverless and Container Workloads
  10. Organized Crime, Hackers & APT
  11. Cloud Storage Data Exfiltration

Conclusions:

  • Insufficient Identity, Credentials, Access, and Key Management holds the top spot
  • Misconfiguration and Inadequate Change Control previously held the second spot
  • Strategy and Architecture … held the third spot
Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Garret F. Grajek
Garret F. Grajek , CEO
InfoSec Expert
June 13, 2022 12:53 pm

There is no question there is a crisis in cloud administrative privileges. The Palo Alto Unit 42 survey showed that 99% of cloud administrative rights are overly permissive. And now we are seeing the results of these poorly managed resources – with ransomware and exfiltration attacks occurring daily – with the Shields Health Care Group just recently reporting a breach of 2 million records . The cloud is not a panacea – the concepts of least privilege (NIST 800-53 AC.6) must be adhered to in all resources – especially publicly accessible clouds.

Last edited 5 months ago by Garret F. Grajek
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x