Let’s fight against the 188% increase in cloud security incidents
While organizations made a rapid switch to the cloud during the pandemic, many of them struggled to correctly manage cloud security at the same time. This resulted in a 188% increase in cloud security incidents in the second quarter of 2020 (Unit 42 by Palo Alto Networks, 2021). This high number of incidents might overwhelm the security teams to a point that they don’t know where to start securing the cloud. Kahuna aims to help you get your security where it needs to be.
In one of our latest news articles, ‘Head in the clouds or stuck in the sand?’, we already wrote about the main trigger for security incidents in the cloud, misconfigurations. Unit 42, Palo Alto Networks’ threat intelligence team, explained this in their research report. This same team recently published a new ‘Cloud Threat Report’ in which they review cloud security in relation to the Covid-19 pandemic. We are pleased to share the most important findings with you.
When an organization is moving its workloads to the cloud on a rapid scale, which happened during the pandemic, it is important to scale security automation at the same rate. This can be done quite easily when infrastructure as code (IaC) templates are used correctly. If the security team automatically scans those templates, they will be able to secure the new environment throughout the whole process, from development to implementation.
Furthermore, among all data stored in the cloud, there is a lot of sensitive information. In fact, this is 64% of all data in the cloud according to Unit 42. Data storage in the cloud is popular due to the reliability, availability, and scalability of it. However, quite some of this data is publicly accessible, which means that everyone with the correct URL can access it without any form of authentication. It is important to protect data in the cloud before someone will make malicious use of it.
In the end, the vulnerabilities mentioned above were already there, but the pandemic made the situation even more challenging because of the sudden need to scale up in the cloud. The first step to fight against them is making sure that cloud security becomes part of all phases of the software development lifecycle. Furthermore, it is important to automate security processes.