Cyber security management company Skybox Security has release of its 2019 Cloud Trends Report. Compiled by the team of security analysts at the Skybox Research Lab, the document analyses vulnerability trends and other risks in Cloud Infrastructure-as-a-Service (IaaS). Its analysis also concerns other technologies relevant to the use of IaaS such as containers, orchestration platforms and devops tools.
In addition to the analysis findings, the report also provides guidance on Best Practice for improving cloud security capabilities in light of these trends.
Key findings of the report include the following:
*Vulnerabilities affecting cloud IaaS solutions are likely to increase by 50% this year over the 2018 figures
*Cloud container vulnerabilities have increased by 82% thus far in 2019
*Third party cloud plugins and apps are further expanding the attack surface
*Misconfigurations are the greatest risk posed to cloud security
“Vulnerabilities within IaaS cloud solutions are naturally going to continue to climb as these services are more widely adopted,” observed Skybox Security’s CTO Ron Davidson. “Organisations would be wise not to be too distracted by this increase in vulnerability reports. The biggest cloud insecurities don’t exist within the service provider’s infrastructure itself, but rather in the way that companies implement and manage the technology. Without proper security considerations and oversight, misconfigurations and policy violations may abound. These process-related issues are hiding in plain sight within organisations and present the greatest risk.”
Amrit Williams, vice-president of products at Skybox Security, added: “Risks within cloud environments are difficult to manage in many organisations simply because the traditional tools, processes and teams are often ill-equipped to handle the volume and velocity of change in cloud environments.”
Williams continued: “Handling the security and management of disparate infrastructures is incredibly complex, so many organisations are being forced to rethink how to maximise the effectiveness of their cloud deployments while at the same time maintaining efficiency. This report highlights the need for organisations to try and unify their methodologies across their hybrid infrastructure, while still understanding that there are unique challenges with cloud.”