Cloud Misconfigurations a Major Compliance Risk, Say IT Decision Makers


Cloud misconfigurations are considered a data security risk by 95% of IT decision makers in the UK, according to a new study from Trend Micro. The findings highlight how human error is a major cause of organizations’ compliance problems and is obstructing their digital transformation.

Of those who regard cloud misconfiguration as a risk, 41% said it is a “great risk.” For those working in B2C, this rose to 57%, and in administrative or technical roles, 52%.

Nearly two-thirds (62%) of IT decision makers said they are extremely or very concerned about the legal and regulatory compliance implications of cloud threats like misconfiguration, and 27% stated they had experienced such an incident over the past year.

The most common forms of misconfiguration errors include leaving an unencrypted data store exposed to the public internet without any form of authentication required to access it, exposing data to all global users of the same cloud platform and leaving encryption keys and passwords in open repositories.

This provides cyber-criminals with opportunities to undertake nefarious activities such as stealing and ransoming data and installing malicious digital skimming code onto websites.

“From Capital One to the US government, the list of serious data leaks and breaches via misconfigured cloud systems is growing by the second. Trend Micro’s Cloud One – Conformity offering detects 230 million of these errors every single day,” commented Bharat Mistry, principal security strategist at Trend Micro.

“This tells us something important: organizations are struggling to find the in-house skills needed to keep pace with their complex hybrid and multi-cloud deployments. With just a few clicks of a mouse potentially exposing highly sensitive and regulated data, CISOs need to consider investments such as cloud security posture management to tackle escalating risk.”

There have been numerous instances of data being exposed due to cloud misconfiguration errors over recent years as more organizations store data in the cloud. Last month, thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket.



Source link

Recent articles

Ohio Governor Says His Flawed Virus Test Shouldn’t Undercut New, Rapid Methods

Gov. Mike DeWine of Ohio, who last week tested positive for the coronavirus, then negative and then negative again, said on CNN on...

Egypt extends detention of Al Jazeera journalist Mahmoud Hussein | News

Egyptian authorities have extended the detention of Al Jazeera journalist Mahmoud Hussein by another 45 days. The extension on Sunday came more than 1,300...

Created with Blender 2.8: ‘Take on me’ cover: Arrangement for Flute orchestras

PiDi writes: 'Take on me' cover: Arrangement for Flute orchestras (Cover) Similar to the original video, it looks like a comic book. All image effects were...

Looks Like AT&T Cancelled Plans for WB Interactive Sale

Following months of reports about its sale, Warner Bros. Interactive Entertainment seems to be resting safely with AT&T for now, if comments by...

Leave a reply

Please enter your comment!
Please enter your name here