Cloud Misconfigurations a Major Compliance Risk
Cloud misconfigurations are considered a data security risk by 95% of IT decision makers in the UK, according to a new study from Trend Micro. The findings highlight how human error is a major cause of organizations’ compliance problems and is obstructing their digital transformation.
Of those who regard cloud misconfiguration as a risk, 41% said it is a “great risk.” For those working in B2C, this rose to 57%, and in administrative or technical roles, 52%.
Nearly two-thirds (62%) of IT decision makers said they are extremely or very concerned about the legal and regulatory compliance implications of cloud threats like misconfiguration, and 27% stated they had experienced such an incident over the past year.
The most common forms of misconfiguration errors include leaving an unencrypted data store exposed to the public internet without any form of authentication required to access it, exposing data to all global users of the same cloud platform and leaving encryption keys and passwords in open repositories.
This provides cyber-criminals with opportunities to undertake nefarious activities such as stealing and ransoming data and installing malicious digital skimming code onto websites.
“From Capital One to the US government, the list of serious data leaks and breaches via misconfigured cloud systems is growing by the second. Trend Micro’s Cloud One – Conformity offering detects 230 million of these errors every single day,” commented Bharat Mistry, principal security strategist at Trend Micro.
“This tells us something important: organizations are struggling to find the in-house skills needed to keep pace with their complex hybrid and multi-cloud deployments. With just a few clicks of a mouse potentially exposing highly sensitive and regulated data, CISOs need to consider investments such as cloud security posture management to tackle escalating risk.”
There have been numerous instances of data being exposed due to cloud misconfiguration errors over recent years as more organizations store data in the cloud. Last month, thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket.
We’re 4tc Managed IT Services
4TC can support you with all the services you need to run your business effectively, from email and domain hosting to fully managing your whole IT infrastructure.
Setting up a great IT infrastructure is just the first step. Keeping it up to date, safe and performing at its peak requires consistent attention.
So we can act as either your IT department or to supplement an existing IT department. We pride ourselves in developing long term relationships that add value to your business with high quality managed support, expert strategic advice, and professional project management.
News Source: https://www.infosecurity-magazine.com/
Email: support@4tc.co.uk
Tel: 020 7250 3840
London Office
5th Floor, 167‑169 Great Portland Street
London
W1W 5PF
Essex Office
Dew Gates The Street
High Roding
Essex
CM6 1NT