New research shows that as cloud adoption grows, many organizations aren’t prioritizing security when storing data with cloud providers, making it easier for threat actors to compromise a business’ data in one place.
The study, from New York-based cloud security firm Wiz, finds that the growth of cloud platforms in recent years and an increase in APIs are expanding the possibilities of cloud computing and storage, but are also broadening the attack surface.
The three major cloud providers–AWS, Microsoft Azure and Google Cloud Platform (GCP)–each reported 2022 Q3 cloud revenue that reflected an increase of at least 20% from the same period last year. In addition, all thee cloud platforms are increasing their offerings, with the privileges available to control API access increasing by 15% for AWS, 20% for Azure and 45% for GCP.
The company’s State of the Cloud 2023 report finds that 57% of organizations are using more than one cloud platform, which means their IT and security teams need greater knowledge and visibility into these multiple platforms, as well as the interfaces between them.
However, Wiz data shows that organizations are placing a disproportionate amount of workloads with one cloud provider, as 78% of organizations have over 80% of their workloads in a single cloud provider.
Most companies have a few disproportionately large accounts alongside smaller ones, the report says. For over 97% of customers using AWS, the largest 5% of their accounts contain over 50% of their workloads.
“In other words, although most AWS customers do not maintain a single monolithic account in the strictest sense, they do use a handful of what might be considered monolithic accounts,” the report says.
AWS is the most commonly used platform, as 72% of workloads across all companies surveyed are running on Amazon’s cloud service. In addition, 62% of companies choose to place more of their workloads on AWS than with other cloud providers.
Among companies using more than one platform, Azure is the most common secondary platform (41%), but at customers using more than two platforms, GCP is the most common tertiary platform (44%), the report finds.
However, organization’s aren’t prioritizing security when it comes to cloud adoption, as 47% of companies have t least one database or storage bucket exposed to the internet, and over 20% of those cloud environment with publicly accessible buckets have buckets that contain sensitive information.
Those exposed resources are compromised within hours, according to Wiz, which conducted an experiment where S2 buckets with names that attackers might be targeting were attacked within 13 hours. In another test, an S3 bucket with an unguessable name but was referenced in a commit to a public GitHub repo was attempted to be listed within 7 hours.
Read the company’s report for more information.
