New data from Accurics is out – a review of hundreds of cloud deployments showed 93% of reviewed infrastructure had misconfigured cloud storage services. A majority of deployments had quote “at least one network exposure where a security group was left wide open”. Hardcoded private keys were found in 72% of deployments. Half kept unprotected credentials in container configuration files.
Why do we care?
I’m focusing more and more on these configuration stories because this is where the real value for a technology services company is going to be. This is a staggeringly large number of misconfigurations.
At the enterprise level, there are tools to monitor and manage this. There are far less tools focused on helping small companies, much less their providers do this.
Just because there isn’t a natural fit tool doesn’t mean the need isn’t there – meaning, you may have to do this manually, build your own, or cobble together a solution – and anyone who moves in this space is going to be rewarded.
That’s true on either side. With everything going to the cloud, this huge blind spot means wide open space, and that’s where real opportunity is.
Source: CIO Dive
