How Cloud Security Risks Soar and Threaten Business
Cloud computing has changed the way businesses operate, offering scalability, flexibility and cost-effectiveness.
As organisations worldwide increasingly rely on cloud services for data storage, application hosting and infrastructure management, robust cloud security measures are becoming ever more important.
The rapid growth of global cloud computing shows the need for organisations to address potential security vulnerabilities in their cloud environments.
Tenable, a company specialising in exposure management, has released its 2024 Cloud Risk Report, highlighting significant security risks in modern cloud environments.
The report introduces the concept of a 'toxic cloud triad', which refers to cloud workloads that are publicly exposed, critically vulnerable and highly privileged.
What is the 'toxic cloud triad'?
According to Tenable, 38% of organisations globally have cloud workloads that meet all three of these toxic cloud triad criteria.
This combination of factors creates a perfect storm of exposure for threat actors to target, the report says.
The toxic cloud triad significantly increases the risk of data breaches, application disruptions, system takeovers and distributed denial-of-service (DDoS) attacks, which are often associated with ransomware.
Tenable warns that such scenarios could have devastating consequences for organisations, with the average cost of a single data breach in 2024 approaching US$5m.
Key findings and vulnerabilities
Tenable reveals several alarming statistics about cloud security vulnerabilities.
It states that 84.2% of organisations possess unused or longstanding access keys with critical or high severity excessive permissions, creating a significant security gap.
Additionally, an analysis of major cloud service providers, including Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, shows that 23% of cloud identities have critical or high severity excessive permissions.
This includes both human and non-human identities, according to Tenable.
The persistence of critical vulnerabilities is another concern highlighted in the report.
For example, CVE-2024-21626, a severe container escape vulnerability that could lead to server host compromise, remained unaddressed in over 80% of workloads even 40 days after its discovery.
Public exposure and access risks
Tenable also raises concerns about the public exposure of cloud storage and access to critical infrastructure.
It states that 74% of organisations have publicly exposed storage assets, including those containing sensitive data.
This exposure, often resulting from unnecessary or excessive permissions, has been linked to increased ransomware attacks.
Furthermore, 78% of organisations have publicly accessible Kubernetes API servers, which are used to manage containerised applications. Of these, 41% also allow inbound internet access.
Additionally, 58% of organisations have cluster-admin role bindings, granting certain users unrestricted control over all Kubernetes environments, the report says.
Shai Morag, Chief Product Officer at Tenable, emphasises that many organisations may be unaware of these access exposures in their cloud workloads.
He says: "It's not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures.
"The good news is, many of these security gaps can be closed easily once they are known and exposed."
Technology Magazine is a BizClik brand