Tenable Findings Reveal 'Toxic Cloud Triad’ Enterprises Face
Cloud computing reshapes the business landscape, enhancing scalability, flexibility, and cost savings.
As global organisations increasingly depend on cloud services for storing data, hosting applications, and managing infrastructure, the significance of stringent cloud security cannot be overstated.
This surge underscores the urgency for firms to fortify their cloud setups against security breaches.
Meanwhile, Tenable, experts in exposure management, draw attention to the 'toxic cloud triad' in their 2024 Cloud Risk Report, underlining major security threats looming over today's cloud spaces.
The 'toxic cloud triad' denotes cloud tasks that are publicly open, critically weak, and possess high privileges.
Decoding the 'Toxic Cloud Triad'
Tenable's research indicates that 38% of global firms have cloud operations ticking all boxes of this hazardous trio.
This blend casts a wide net for cyber miscreants, making it a fertile ground for data thefts, application interruptions, system hijacks, and DDoS assaults, often leading to ransom demand scenarios.
The firm cautions that falling prey to such attacks could cost companies nearly $5m per breach in 2024.
The report by Tenable uncovers worrying stats about cloud security flaws.
It highlights that a whopping 84.2% of businesses have obsolete or never-used access keys that still wield critical or high-level permissions, gaping an alarming security hole.
An inspection of leading cloud solutions like AWS, Google Cloud, and Azure revealed 23% of cloud identities possess critically or highly overprivileged access.
This situation persists for both human and machine identities. Tenable's Chief Product Officer, Shai Morag, warns that many are oblivious to these glaring access exposures within their cloud frameworks.
"It's not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures."
The endurance of severe vulnerabilities is another grave concern spotlighted in the analysis.
A critical escape flaw, dubbed CVE-2024-21626, could compromise server hosts and was neglected in over 80% of workloads more than a month post-discovery.
Public Exposure and Unbridled Access Dangers
Tenable also voices worry over the open visibility of cloud storage and easy access to crucial frameworks.
The report states that 74% of firms expose storage units publicly, including ones holding sensitive data.
Often, these exposures are tied to unnecessary or too broad access permissions, fuelling ransomware onslaughts.
Besides, 78% of entities revealed Kubernetes API servers are accessible publicly, with 41% of them permitting inbound web traffic.
Additionally, 58% of firms have unrestricted admin controls over all Kubernetes surroundings, according to Tenable.
"The good news is, many of these security gaps can be closed easily once they are known and exposed," says Shai.
By implementing robust security measures, organisations can significantly reduce their attack surface and mitigate the risks associated with cloud vulnerabilities.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
