Palo Alto Networks released latest report from Unit 42, “Cloud Security Trends and Tips: Key Learning to Secure Your AWS, Azure and Google Cloud Environments”.
Unit 42 looked at new and existing threats to cloud security from late-May through early-September 2018 and analyzed how enterprises are faring as they attempt to balance risk with efficiency.
Among other findings, the report shows:
- Account compromises are increasing in scale and velocity:
Credential compromises are becoming more commonplace, and organizations clearly need to enforce strong governance and access hygiene.
- Compliance is a work in progress:
There are signs of better protection of cloud storage services, but with the rise of sweeping regulations such as GDPR in Europe and California Consumer Privacy Act, many organizations still have much work to do before they achieve comprehensive compliance and governance across public cloud environments.
- Cryptojacking may be cooling:
More than a quarter (26%) don’t restrict outbound traffic at all, and 28% of databases receive inbound connections from the internet. It appears that the diminishing value of cryptocurrencies, along with better detection capabilities, is helping decrease cryptojacking attacks. This represents an opportunity to implement greater countermeasures before the next wave of attacks.
- A bright note in vulnerability management:
Cloud service providers (CSPs) provide a first line of defense by updating their infrastructures and services, but customers have a role to play in identifying and patching vulnerable hosts—and that can’t be done with standalone vulnerability scanning tools that were not designed for cloud architectures.
- Containing the container model:
One in three organizations use native or managed Kubernetes orchestration, and a quarter leverage managed services in the cloud such as Amazon Elastic Container Service for Kubernetes (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS). Such platforms make it easy for developers to deploy, manage and scale containerized applications.