Hacks involving AWS S3 storage servers highlight security challenges enterprises face in the race to the cloud, according to RedLock.
Cloud security remains a major issue for many companies, as more than half of organizations publicly exposed at least one cloud storage service in the last year, according to a Tuesday report from RedLock.
A number of enterprises using Amazon Web Services (AWS) S3 Simple Cloud Storage Service—including Dow Jones, Verizon, FedEx, and Tesla—experienced breaches in the past year. However, in most of these cases, AWS was not to blame. For example, at FedEx and Tesla, critical data was left exposed after unsecured AWS S3 storage servers were found without passwords protecting them.
As companies try to quickly move to the cloud, many overlook key security steps in the process, particularly around identity management and access control.
SEE: Cloud migration decision tool (Tech Pro Research)
On average, 27% of organizations experienced potential account compromises in the past year due to cloud security failures, the RedLock report found. Nearly a quarter of enterprises (24%) have hosts missing high-severity vulnerability patches in the public cloud—essentially providing an open invitation to cybercriminals. Major companies including MongoDB, Elasticsearch, Intel, and Drupal were all impacted by cloud vulnerabilities over the past year, the report noted.
Cryptojacking—the practice of stealing cloud compute resources to mine cryptocurrency—has also gone mainstream, the report found. Some 25% of organizations suffered from cryptojacking incidents this quarter—up from 8% reported in the last quarter.
"We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there's definitely more to do," Gaurav Kumar, CTO of RedLock, said in a press release. "Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security."
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 51% of companies publicly exposed at least one cloud storage service in the past year. — RedLock, 2018
- 25% of organizations suffered from cryptojacking incidents in Q2 2018, up from 8% in Q1. — RedLock, 2018
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Unsecured server exposed thousands of FedEx customer records (ZDNet)
- Amazon S3: A cheat sheet (TechRepublic)
- Alteryx S3 leak leaves 123m American households exposed (ZDNet)
- 88% of employees have no clue about their organization's IT security policies (TechRepublic)