Global Column | Why cloud security is still confusing

According to the Tenable Cloud Risk Report 2024 from cloud security specialist Tenable, 74% of companies surveyed were exposed to storage or other misconfigurations. This leaves the door open for cybercriminals to break in. Overall, cloud security is getting worse. The availability and quality of security tools are getting better, but the people who inspect cloud computing infrastructure are getting dumber. Something needs to be done.


Tenable also found that more than one-third of cloud environments are highly vulnerable due to a combination of factors including high privileges, publicly exposed workloads, and very weak security. This alarming ‘toxic cloud trio’ exposes these organizations to the risk of cyberattacks and highlights the need for immediate, strategic intervention.

The most prevalent issue is publicly exposed storage, which often contains sensitive data due to excessive permissions, making it a prime target for ransomware attacks. Additionally, inappropriate use of access keys remains a serious threat, with a whopping 84% of organizations holding unused high-privilege keys. As evidenced by incidents such as the MGM Resorts data breach that occurred in September 2023, this lack of security oversight has led to record-breaking security breaches.

Security issues in container orchestration

Another risk factor exists in the Kubernetes environment. The survey found that 78% of enterprises have publicly accessible Kubernetes API servers, with many allowing inbound Internet access and unrestricted user control. This lax security posture exacerbates potential vulnerabilities.

Addressing these vulnerabilities requires a comprehensive approach. Organizations must adopt context-driven security practices that integrate identity, vulnerability, misconfiguration, and data risk information. This integrated strategy allows for accurate risk assessment and prioritization. Complying with Pod Security Standards (PSS), restricting privileged containers, and managing access in Kubernetes is essential, as is regularly auditing credentials and permissions to enforce the principle of least privilege.
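The context-driven correlation described above can be sketched as a join of separate tool outputs per workload, ranked by how many of the "toxic cloud trio" factors coincide. This is an added example, not code from the Tenable report or the column; the workload names, feed layouts and the rule that wildcard or `iam:` actions mean "high privilege" are assumptions, and "very weak security" is modelled here as an open critical-severity finding.

```python
from collections import defaultdict

# Constructed sample findings, one list per tool; every name is hypothetical.
EXPOSURE = [  # misconfiguration scanner: is the workload internet-reachable?
    {"workload": "vm-web-01", "public": True},
    {"workload": "vm-batch-07", "public": False},
    {"workload": "k8s-api-prod", "public": True},
    {"workload": "vm-legacy-02", "public": True},
]
VULNS = [  # vulnerability scanner: highest open severity per workload
    {"workload": "vm-web-01", "max_severity": "critical"},
    {"workload": "vm-batch-07", "max_severity": "critical"},
    {"workload": "k8s-api-prod", "max_severity": "medium"},
    {"workload": "vm-legacy-02", "max_severity": "critical"},
]
IDENTITY = [  # identity analysis: actions granted to the workload's role
    {"workload": "vm-web-01", "role_actions": ["*"]},
    {"workload": "vm-batch-07", "role_actions": ["*"]},
    {"workload": "k8s-api-prod", "role_actions": ["storage:Get"]},
    {"workload": "vm-legacy-02", "role_actions": ["storage:Get", "iam:*"]},
]

def is_high_privilege(actions):
    """Assumption: wildcard or identity-administration actions are high privilege."""
    return any(a == "*" or a.startswith("iam:") for a in actions)

def correlate(exposure, vulns, identity):
    """Merge the three feeds per workload; return rows ranked by factor count."""
    factors = defaultdict(set)
    for e in exposure:
        if e["public"]:
            factors[e["workload"]].add("publicly_exposed")
    for v in vulns:
        if v["max_severity"] == "critical":
            factors[v["workload"]].add("critically_vulnerable")
    for i in identity:
        if is_high_privilege(i["role_actions"]):
            factors[i["workload"]].add("highly_privileged")
    rows = [(w, sorted(f)) for w, f in factors.items()]
    # Most factors first; ties broken by name so the order is deterministic.
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

def toxic_trio(rows):
    """Workloads where all three factors coincide: remediate these first."""
    return [w for w, f in rows if len(f) == 3]

if __name__ == "__main__":
    for workload, f in correlate(EXPOSURE, VULNS, IDENTITY):
        print(f"{len(f)}/3  {workload:14} {', '.join(f)}")
```

Ranking on the combination rather than on any single scanner's severity is what keeps a critical but unreachable, low-privilege host from crowding out the workloads where all three factors line up.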

Prioritization is key

It is especially important to prioritize vulnerability remediation in high-risk areas. Through regular audits and proactive patching, you can minimize exposure and strengthen security resilience. These efforts should be coupled with strong governance, risk, and compliance (GRC) practices that ensure continuous improvement and adaptability of security protocols.

Cloud security requires a proactive attitude to mitigate risks by integrating technology, processes, and policies. Evolving from reactive measures to a sustainable security framework can better protect your cloud infrastructure and safeguard your data assets. What should companies do?

Implement strong access control measures. Regularly audit and check access keys to ensure they are necessary and have appropriate permission levels. Minimize the risk of unauthorized access by frequently rotating access keys and removing unused or unnecessary keys.
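One way to run the access-key audit described above, as an added example that is not from the column or the Tenable report. It assumes AWS and the column names of an IAM credential report (the article names no provider); the users, timestamps and the 90-day and 180-day thresholds are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns of an AWS IAM credential report
# (assumption: AWS; the article names no provider). User names are made up.
REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
ci-deploy,true,2024-09-01T08:00:00+00:00,2024-10-28T11:30:00+00:00
old-admin,true,2022-03-14T09:12:00+00:00,2023-01-05T16:45:00+00:00
report-bot,true,2024-02-10T10:00:00+00:00,N/A
contractor,false,2023-06-01T10:00:00+00:00,2023-07-01T10:00:00+00:00
"""

MAX_IDLE_DAYS = 90      # assumption: policy threshold for "unused"
MAX_KEY_AGE_DAYS = 180  # assumption: policy threshold for rotation

def days_since(stamp, now):
    """Whole days from an ISO-8601 timestamp to now; None if the field is N/A."""
    if stamp in (None, "", "N/A"):
        return None
    return (now - datetime.fromisoformat(stamp)).days

def audit_keys(report_csv, now):
    """Return {(user, key_slot): [findings]} for active keys that break policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):  # a user can hold two access keys
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # inactive or absent key: cannot authenticate
            issues = []
            idle = days_since(row.get(prefix + "last_used_date"), now)
            age = days_since(row.get(prefix + "last_rotated"), now)
            if idle is None:
                issues.append("never used: remove")
            elif idle > MAX_IDLE_DAYS:
                issues.append(f"idle {idle}d: remove")
            if age is not None and age > MAX_KEY_AGE_DAYS:
                issues.append(f"age {age}d: rotate")
            if issues:
                findings[(row["user"], slot)] = issues
    return findings

if __name__ == "__main__":
    now = datetime(2024, 11, 1, tzinfo=timezone.utc)
    for (user, slot), issues in audit_keys(REPORT, now).items():
        print(f"{user} key{slot}: {'; '.join(issues)}")
```

The credential report says nothing about what a key is allowed to do, so the keys flagged here still need to be matched against their attached permissions to find the unused high-privilege ones the report counts.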

Strengthen identity and access management. Implement strict IAM policies that enforce the principle of least privilege. Use role-based access control (RBAC) to ensure users have access to only the resources they need to do their jobs.

Conduct regular security audits and penetration tests. Scan cloud environments to find and fix vulnerabilities and misconfigurations before attackers can exploit them. Rather than relying on your own security team, it is better to hire an external organization that specializes in this type of work. How many times have you performed a post-mortem analysis of a breach and discovered that the company has been grading itself for years? These companies gave themselves an A rating and even tied it to a bonus.

Deploy automated monitoring and response systems. Automated tools provide continuous monitoring and real-time threat detection. Minimize the time between detection and resolution by implementing systems that can automatically respond to certain types of security incidents.

Follow Kubernetes best practices. Ensure that the Kubernetes API server is not publicly accessible unless necessary, and limit user permissions to reduce potential attack vectors.

Prioritize vulnerability management. Regularly update and patch all software and cloud services, especially those with high-priority vulnerabilities, to protect against newly discovered vulnerabilities.

Strengthen your governance, risk and compliance (GRC) framework. Continually develop and maintain strong GRC practices to evaluate and improve the effectiveness of security controls. This should include policy development, risk assessment, compliance tracking, and continuous improvement initiatives.

Train employees on security awareness. You should provide ongoing training and awareness programs to ensure that all employees understand the latest threats and best practices for maintaining security within cloud environments. As mentioned earlier, people are at the core of most cloud computing security issues.

The key is resources, not the availability of best practices and the right security tools. Many companies have all the tools and processes they need to succeed, but they don’t allocate the resources they need to do it effectively. This is why a major security incident occurred at MGM Resorts.

Source: www.itworld.co.kr