IaaS and Cloud Native Breaches: Why companies are at risk

Forums Security News (Security) IaaS and Cloud Native Breaches: Why companies are at risk

Tagged: ,

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • November 15, 2019 at 5:16 pm #36584
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        Headings…
        IaaS and Cloud Native Breaches: Why companies are at risk
        Must-Read Cloud
        Cloud Insights Newsletter
        Also see
        Python is eating the world: How one developer’s side project became the hot
        How iRobot used data science, cloud, and DevOps to design its next-gen smar

        Auto extracted Text……

        Infrastructure-as-a-Service (IaaS) is at a great risk for Cloud-Native Breaches, with 99% of misconfiguration incidents in public cloud environments going undetected, according to a McAfee report released today.
        But in the rush to adopt IaaS, many companies have overlooked the need for security, assuming the cloud provider was handling it.
        As a result, there have been numerous Cloud-Native Breaches (CNB), which are an opportunistic attack on data left open by errors in how the cloud environment was configured, or misconfigurations.
        However, the rush to adopt this growing technology leaves security as an afterthought, with 99% of cloud misconfigurations going undetected by companies, McAfee’s Cloud Native: The Infrastructure-as-a-service (IaaS) Adoption and Risk report found.
        “Cloud misconfiguration is one of the most preventable, yet common security issues cloud customers face,” said Sekhar Sarukkai, vice president of engineering for cloud security at McAfee.
        Cloud infrastructure, or IaaS, is the most configurable, which introduces a higher risk of misconfiguration than SaaS.”
        Rather, the report identified a cloud-native breach as “a series of actions by an adversarial actor in which they ‘Land’ their attack by exploiting errors or vulnerabilities in a cloud deployment without using malware, ‘Expand’ their access through weakly configured or protected interfaces to locate valuable data, and ‘Exfiltrate’ that data to their own storage location.”
        This complacence reflected by our finding that only 26% of companies can currently audit for IaaS misconfigurations with their existing security tools.”
        “Additionally, most organizations are multicloud, meaning they use multiple cloud service providers for infrastructure, increasing the difficulty of auditing configurations across multiple platforms,” Sarukkai said

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.