With the increased adoption of public cloud infrastructure services like AWS in the enterprise, there’s also a growing need for clear identity and access policies to ensure sensitive enterprise data is secure. While many organizations apply controls such as multi-factor authentication and single sign-on to their cloud services, porting the same type of controls over to cloud infrastructure like AWS is often overlooked. Findings in the October 2018 Netskope Cloud Report revealed that a vast majority (71.5%) of the Center for Internet Security’s Benchmark violations in AWS occur around Identity and Access Management. The report also revealed that many of these violations involve instance rules, role-based access controls and access to resources or password policy requirements. Enterprises can easily address these issues even without an external security solution.
Several major recent high-profile corporate breaches have been traced back to misconfigured resources such as S3 buckets, which points to a major weakness in many enterprise I/PaaS security strategies. Organizations that do not address these gaps are exposing themselves to significant risks.
Consistent with previous reports, the October 2018 Netskope Cloud Report also found that most DLP violations still occur across cloud storage services (54%) and webmail (35.3%), followed by collaboration services (10.1%) and other (including cloud infrastructure) at 0.6%.
Other key findings include:
Additional CIS Benchmark violations by category included Monitoring (19%), Networking (5.9%) and Logging (3.%).
64% of data loss prevention (DLP) activity violations in the enterprise occur through downloads.
Enterprises use an average of 1,246 cloud apps, and over 92% are not classified as “enterprise-ready.”
For more information, visit the Netskope website to download a full copy of the report.
By Jervis Hui, Netskope Senior Security Strategist