With so many enterprises now using cloud services, it stands to reason that problems will emerge, and the report specifically mentions spending as a major source of trouble for businesses. AWS has expanded well beyond cloud compute and storage. Though the percentage of resources that were completely open to the internet was as low as 5 percent, this is still too high. This will, if not eradicate completely, certainly minimize the instances of cloud storage getting exposed to the internet. CloudTrail logs contain critical information for audits and intrusion response. Cost optimization continues to be the key initiative for organizations. (Roles ensure uniformity in access and the principle of least authority.) Google and Microsoft sat back and watched (a bit too long) and this gave Amazon AWS first-mover advantage. 84 percent of enterprises have a multi-cloud strategy. Attackers can go further beyond the reconnaissance attempt and conduct denial-of-service (DoS) or distributed-denial-of-service (DDoS) attacks by sending too many ICMP packets continuously (known as ICMP flood or ping flood) to a cloud-based server and over-utilize server resources and/or choke the internet pipe. It is impossible for users to generate and memorize such passwords for hundreds of sites they use. Ensure CloudTrail/Azure Monitor is enabled (for master and provisioned accounts); persist logs to S3 buckets/Azure Storage and configure lifecycle management; ensure S3 server-side encryption (at a minimum). Access logs were not enabled for 92 percent of S3 buckets; 99 percent did not require server-side and in-transit encryption; 58 percent did not persist CloudTrail logs to S3; 78 percent of S3 buckets did not have a lifecycle configuration; 100 percent of EC2 instances did not have detailed monitoring enabled; no accounts had Azure Monitor alerts configured; detailed diagnostics were not enabled for 89 percent of SQL databases or VMs on Azure.
Access keys and credentials are usually the first target for adversaries. More than half of organizations (53%) are using multiple public and multiple private clouds, followed closely by 33% using a single private cloud and multiple public ones. About 85 percent of Azure accounts didn’t have a default network access rule set to deny. To take a look at the current state of public cloud security, the Zscaler ThreatLabZ team collected anonymous statistics from customers running hundreds of thousands of workloads in AWS, Azure, and Google Cloud Platform (GCP). AWS CloudWatch collects and tracks metrics, monitors log files, and deploys automated responses to common events in your environment. It is strongly advised to restrict the outbound server traffic to only those ports and those IP addresses that are necessary for the services to reach out for legitimate operations. Create users with the specific privileges they’d need. It is not that difficult for hackers to find these services even if they may be running on non-standard ports. Network security groups control the network connectivity of every service in a cloud deployment, acting like a network firewall. between the cloud service provider (CSP) and the customer. For organizations that are still in the process of implementing ZTNA, here are some short-term best practices when creating network security group/policy rules and applying them to cloud resources to minimize the risk of becoming easy targets for the attackers. In this same report, we highlighted the emerging trend of B2B transactions rapidly moving to digital Marketplaces. To fully understand what’s going on in your cloud environment you’ll need a robust logging and monitoring system in place. Even without a security failure, robust logging can help you fully understand what’s going on in your cloud environment.
The State of Cloud Native Security 2020 reveals the biggest cloud security issues, visibility gaps and challenges that keep security professionals up at night. They are a crucial part of incident response. This has been very well advertised by all the CSPs where the security “of” the cloud service will be provided by the CSPs and the security “in” the cloud service is the responsibility of the customer. According to the Flexera 2020 State of the Cloud Report, which surveyed 750 IT professionals, “93 percent of enterprises have a multi-cloud strategy” while “87 percent have a hybrid cloud strategy.” Flexera’s report also shows that cloud adoption is continuing to accelerate with “20 percent of enterprises spend[ing] more than $12 million per year on public clouds.” The split of responsibilities varies based on the type of cloud service being used. Along with financial problems due to rapid cloud adoption, organizations also cited security as a serious concern, with 81% rating it as one of their biggest challenges. Block inbound traffic to certain services and database servers from the internet. Apply security patches promptly and always run the latest versions. Externally exposed protocols such as Secure Shell (SSH) and Remote Desktop Protocol (RDP) are far too common and give attackers the ability to take over infected systems and move laterally within an organization’s cloud footprint. Sophisticated automation is essential for applying the best security practices uniformly across all users and to quickly detect any misconfigurations.
Upon reviewing the data, we found that a broad range of widely reported security issues are still not adequately mitigated in most environments. The network security group controls the traffic coming in and going out to the cloud-based servers/systems based on the rules enforced. If you need more than 90 days, you’ll have to configure CloudTrail to deliver those events to an Amazon S3 bucket. 63% do not use multifactor authentication for cloud access; 50% do not rotate access keys periodically; 92% do not log access to cloud storage, eliminating the ability to conduct forensic analysis of an incident; 26% of workloads expose SSH ports to the internet and 20% expose RDP. Cloud security shared responsibility model. A few key highlights from the Flexera 2020 State of the Cloud Report: Organizations embrace multi-cloud. Nearly 90% of R&D departments rate Cloud BI as … In our analysis of customer environments, we identified that a vast majority of the customers did not make use of either hardware or software based MFA. In a SaaS application, such as M365 or Salesforce, the cloud vendor is responsible for the entirety of the application’s security, from the physical security through the operating system(s) and the application itself. Assign policies to groups, not users, to ensure consistency. Cloud vendors have dedicated enormous security resources to their platforms, yet barely a day goes by without news of another cloud security incident. AWS was the first cloud computing and offering infrastructure as a service in 2008 and has never looked back as it launches new services at a breakneck pace and is creating its own compute stack that aims to be more efficient and pass those savings along. Future posts will dive deeper into cloud-based attacks observed by the ThreatLabZ team, the risk of certain types of cloud misconfigurations, and the appropriate mitigations to put into place to protect against security incidents.
Cloud users often have a tendency to enforce the default policy, which is sometimes insufficient for adequate security. What Are Cloud First Policies? In an IaaS platform deployment, however, the customer is responsible for quite a bit more of the security and configuration of the services. The State of Cloud Native Security Report (2020) Panel. Most of these incidents can be traced back to insecure use of cloud services rather than to security flaws in the services themselves. About 78 percent of user accounts had the “Block Public Access” option disabled, which poses a much bigger risk of the storage buckets owned by these users getting exposed to the internet. It is recommended that organizations have a stringent audit process and perform frequent audits of storage bucket configuration settings and access policies. Of those using cloud services, 93% have a multicloud strategy that combines multiple public and private clouds, while only six percent are using multiple public ones. "Cloud has now become mainstream," the report said, and with good reason: 90% of those surveyed said they're using at least one cloud service in their organization. But, when finished, they sometimes forget to revert back to the more stringent rules in the network security group/policy which hackers can leverage to penetrate into the cloud-based systems. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report will help you make decisions about the cloud by surfacing information based on a proprietary set of well-analyzed data. In this episode of the podcast, David Linthicum and Mike Kavis tag team to review a hectic 2019 and put events into perspective. Records belonging to 35 million customers of Malindo Air were leaked by former employees of a vendor who abused their access.
57% of respondents said work changes due to the pandemic will put them over budget--26% significantly. A small step like this can help to ensure uniform enforcement of security policies. These misconfigurations encompass several commonly observed mistakes while initializing and operationalizing the storage buckets and the contents within them, such as: These misconfigurations can lead to unauthorized users getting access to the storage buckets with the potential to: Encrypt the contents within storage buckets, Access contents from the storage buckets over encrypted channels, Secure back-up storage buckets and the contents within them, Frequent audits of access policy and automation. If it is necessary to open up those services for legitimate network operations or remote debugging, they must be restricted to a specific set of IP addresses and not from anywhere from the internet. Zscaler found 26 percent of servers still exposing their SSH ports out to the internet and about 20 percent of servers with RDP exposed. This will help organizations minimize the damage if an incident occurs. The COVID-19 pandemic has added financial insult to injury. Cloud has always been a rapidly-changing space that defies expectations. As of early 2020, however, "more than half of respondents said they'll consider moving at least some of their sensitive consumer data or corporate financial data to the cloud, which reflects increasing confidence in the security practices of the cloud providers." 63 percent of AWS console IAM users didn’t use MFA. Loose access policies, lack of encryption, policies that aren’t uniformly applied, and accessibility via unencrypted protocols are but a few of the most common issues. IT analytics firm Flexera has released its annual state of the cloud report for 2020, finding that public cloud adoption is skyrocketing and multicloud strategies are mainstream--but so is wasted spending, cloud management struggles, and security troubles.
The full 2020 State of the Cloud report can be downloaded from Flexera, but registration is required. The use of public clouds continues to grow dramatically in all organizations. The hackers were able to break into Tesla’s cloud account because the account wasn’t password-protected. In our analysis, a high percentage of organizations neglected to use multifactor authentication and used hard-coded access keys that persist for far too long before they are rotated. While most of the unsecured communications channels were found when other modules were trying to access the contents from these buckets, most of the accounts had the SSL/TLS option enabled for content access from the internet. If these services are running on other non-standard ports, block those ports explicitly. Instead of tying the access policies to a user, a role-based access policy will enforce uniform access policies across the users. Key areas of deficiencies include: In a typical cloud environment, gigabytes (GBs) of data are moving in and out all the time. Despite the press coverage, cloud storage remains the most common area of cloud misconfiguration. There's also a shifting mindset around where to store sensitive data. Our analysis found that nearly 20 percent of implementations did not have CloudTrail enabled, and more than half did not take steps to maintain their logging beyond the default 90 days. The U.S. CIO at the time, Vivek Kundra, reasoned that cloud technologies could “significantly help agencies grappling with the need to provide highly reliable, … It is very important to have a robust alerting mechanism in place to promptly notify cloud admins and users about misconfigurations. Rapid cloud growth means rapid cloud spending, which in turn means organizations are struggling to accurately forecast how much to budget for the future. The state of the cloud in 2020: Public, multicloud dominates but waste spending is high. 
Conducted in the first quarter of 2020, the report explores what 750 global cloud decision makers and users think … Access the storage buckets and the contents of the storage over a secured channel by enabling SSL/TLS protocols rather than using a plain HTTP protocol. And of course, the Big Three public-cloud providers—Amazon Web Services, Google Cloud and Microsoft Azure—continue to grow, and together now have estimated, annualized revenue of around $100 billion, according to public reports. Unfortunately, this group represents the second-most widely observed area of misconfiguration after cloud storage. In all cases, it is the enterprise’s responsibility to ensure that its data is properly protected, whether it lives in an enterprise data center or in a public cloud environment. This was when hardware ruled all, and cloud technologies were not even part of the conversation yet. The access policies applied to the storage buckets and the contents within them need to be stringent and uniform across all users. In February 2011, at a time when cloud adoption was still nascent in government, the Obama administration adopted Cloud First, a policy to accelerate adoption of cloud computing technologies. Exposing database services to the internet can have dangerous repercussions, so incoming traffic from the internet to database services must be blocked. Governance, a lack of resources and expertise, and compliance were also cited as common challenges to better cloud adoption and use. Coupled with the pandemic crisis, this has given us a different perspective to look at cybersecurity and cloud … CSP tools, such as AWS CloudTrail and Azure Monitor, can help ensure that you have this information when needed. Running older versions of software makes systems more vulnerable to exploitation and can eventually lead to a severe incident. The Current State of the Public Cloud Market. The adversaries wiped most of the company’s assets on AWS.
Published on September 14, 2020. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army. Approximately 80 percent of accounts didn’t have disk encryption enabled and approximately 24 percent didn’t have encrypted Elastic Block Storage (EBS). The cloud had become mainstream during the last couple of years, but the year of 2020 has pushed companies to adapt to remote working, which immediately led to … In this post, we’ll talk about the findings at a high level. The state of cloud: a 2019 recap and 2020 predictions! In its ninth iteration, the Flexera 2020 State of the Cloud Report (formerly the RightScale State of the Cloud Report) delves into the details of enterprise cloud use, including multi … Also this year, new Chinese Linux malware targeting IoTs and servers, Kaiji, is believed to be using a similar SSH brute-force technique to penetrate and spread itself. State of the Cloud 2020 The cloud industry from 2000-2020. Growing at an average of 35% Compound Annual Growth Rate (CAGR), the public cloud markets hit that $500 billion milestone two years earlier than we expected in March 2018. 93% of enterprises have a multi-cloud strategy; 87% have a hybrid cloud … As mentioned above, multicloud use has reached near total levels, with only seven percent of organizations limited to a single public or private cloud. Around the same time, Tesla’s cloud account was breached by hackers who used the account for malicious activities such as cryptomining. Use roles (IAM roles, Azure RBAC) instead of long-term access keys.
The State of DevOps Report 2020 released by Puppet reveals that internal platforms for self-service and effective change management practices were key for organizations to move up the DevOps evolution. In 2015 with our very first State of the Cloud, we predicted that the public cloud industry would reach $500 billion by 2020. State of the Cloud, February 2020 By Fergus O'Sullivan (Editor-at-Large) — Last Updated: 07 Feb'20 Hello and welcome to this latest State … Public cloud has made possible previously unheard of scale, performance, and agility for enterprises of all sizes. Block port scanning and IP scanning attempts. 84 percent assigned IAM policies to users instead of groups. Earlier this year, Sophos identified a Cloud Snooper attack, which bypassed all security measures. But cloud adoption hasn’t been without its speed bumps, not the least of which is security. Network segmentation designed with security in mind is absolutely critical because it is instrumental in limiting data breaches and reducing damages. In some cases, these are the result of human error. Deploying Network Detection and Response to monitor traffic in real time to identify and mitigate threats quickly. Encrypt the contents within storage buckets using the strongest ciphers so that in case of a data breach, it will be difficult for attackers to get the actual contents. These restrictions will help to reduce the lateral spread of infection or data exfiltration in case a system is compromised, thereby minimizing the damage. 2020 has been a rollercoaster of a year and while there’s no way to predict the future, one thing is for certain — the cloud industry has helped save businesses, our health, and our sanity. That question about budget excess comes prior to considering what COVID-19 is doing to cloud budgets: Shredding them completely.
Passwords are the predominant method for authentication to computing systems these days. "In the past, some organizations hesitated to put certain types of data in public clouds," the report states. Improper rules configured to protect cloud-based systems can allow bad actors to probe into the network and identify the servers and services running on them that are open to the internet by performing reconnaissance attacks. The most common multi-cloud approach among enterprises is a mix of multiple public and multiple private clouds. In case of a compromise, logs are often the first source of information. To limit the exposure of keys, it is necessary to rotate them periodically. The most common misconfigurations still revolve around cloud storage buckets and the objects within, which pose a big confidentiality risk and make them the number-one target for data breaches. Today, we delve deeper into these topics in our “State of the Cloud 2020” report. It is false to assume that they are now hidden from attackers because the services are running on non-standard ports. Access policies not applied uniformly to all users, Contents within the storage bucket not being encrypted, Accessing contents from storage buckets over unsecured channels, Backup storage and objects within them not being encrypted, Download and expose proprietary data or sensitive data that are otherwise meant to be kept confidential, Upload malicious programs/files including malware/ransomware. Cloud users - both enterprises … The 2019 State of the Cloud Survey identified several key findings: 84 percent of respondents have a multi-cloud strategy. 2019 was no exception, and 2020 promises to bring even more changes and complexity. The 2020 State of SaaSOps finds that as more companies adjust to the realities of managing SaaS at scale, SaaSOps will evolve into a core IT discipline—influencing strategic priorities, technology investments, and even job titles and career paths.
If done right using solutions like Zscaler Private Access, you can completely eliminate the external attack surface by blocking all inbound communication and preventing lateral propagation from an infected system. But they only work when enabled. Notable examples include Uber, where the personally identifiable information (PII) of 57 million users was leaked when attackers nabbed hardcoded AWS credentials from a GitHub repo, and Code Spaces, whose entire company assets were wiped out from AWS after a phishing incident.