Orca Security 2021 State of Public Cloud Security Report, Financial Services Edition
Orca Security © 2021
Executive Summary
Public cloud security is a shared responsibility. While cloud providers such as Amazon, Microsoft, and Google must keep their public cloud platforms secure, their financial services customers are responsible for securing the workloads, data, and processes they run inside the cloud.

This presents a tremendous challenge for several reasons. Today, any person with a corporate credit card can activate sophisticated IaaS assets across AWS, Azure, and GCP. Meanwhile, DevOps teams work at breakneck speeds, scaling usage up and down frequently—possibly thousands of times per hour—and all within a CI/CD pipeline that builds the infrastructure. Security isn’t always in the loop on cloud deployments and even when it is, visibility is limited.

For most organizations, cloud workload security is dependent upon the installation and maintenance of security agents across all assets. This rarely happens, as this report shows.

Key findings include:

80.7% of organizations have at least one neglected internet-facing workload - meaning it’s running an unsupported operating system or has remained unpatched for 180 days or more.

Authentication issues are also commonplace, with 5.3% of organizations having at least one workload accessible using either a weak or leaked password; 23.5% of organizations aren’t using multi-factor authentication to protect one of their cloud account’s root, super admin users; and 19.3% of organizations have at least one internet-facing asset accessible by way of non-corporate credentials.

Almost half the organizations (43.9%) have internet-facing workloads containing secrets and credentials, posing a risk of lateral movement.