Cybersecurity experts from Palo Alto Networks believe they’ve figured out why cloud misconfigurations happen so frequently.
According to the company's latest cloud threat report, businesses hurry to automate as much of their cloud infrastructure build processes as possible, and in so doing create new infrastructure as code (IaC) templates.
As this is happening “without the help of the right security tools and processes”, businesses end up creating infrastructure building blocks that are filled with “rampant vulnerabilities”.
According to the report, businesses are using more than 200,000 insecure templates, with roughly two-thirds (65 per cent) of cloud incidents occurring due to “simple misconfigurations”.
More than four in ten cloud databases (43 per cent) are not encrypted, and six in ten cloud storage services have logging disabled.
The report states that IaC allows businesses to enforce security standards in a systematic way, but they are not utilising the benefits.
"It only takes one misconfiguration to compromise an entire cloud environment. We found 199,000 of them,” said Matthew Chiodi, Chief Security Officer of Public Cloud for Palo Alto Networks.
“The good news is infrastructure as code can offer security teams many benefits, such as enabling security to be injected early into the software development process and embedding it into the very building blocks of an organisation’s cloud infrastructure.”