It was revealed that the incorrect configuration of the software accounts for 65 to 70% of all problems with cloud security, which costs companies almost $ 5 trillion. A Red Hat survey found that 53% of respondents found an incorrect configuration in their container or Kubernetes deployments. One of the reasons why these vulnerabilities are so common is that virtualization and cloud cover of the IT infrastructure have blurred the traditional boundaries of responsibility of developers and information security teams.
What is the risk
Incorrect configuration can take various forms: from erroneous creation of a repository “accessible to everyone” and disclosure of confidential information to improper implementation of security controls. This makes enterprises vulnerable to a wide range of potential threats: hacking software, data theft, hacking repositories, arbitrary workloads (including cryptocurrency mining).
How to protect yourself
The key point is the introduction of effective methods for managing the security of the cloud environment (SPM). This helps to define clear boundaries of responsibility and allows information security groups to establish appropriate security policies that require application developers and infrastructure to ensure compliance with them. CSPM software tools allow corporate security teams to quickly monitor and check cloud resources for incorrect settings, identify problems at an early stage and fix vulnerabilities before they are used by cybercriminals.