Trend Micro research finds
misconfiguration as number
one risk to cloud environments
As more businesses move to use the cloud, the range of cyberthreats increases.
Trend Micro is on hand to offer advice on how to tackle these threats.
Trend Micro Incorporated, a global
leader in cloud security, has released
the findings from research into cloud
security, which highlights human error and
complex deployments open the door to a
wide range of cyberthreats.
Gartner predicts that by 2021, over 75%
of midsize and large organisations will have
adopted multi-cloud or hybrid IT strategy. As
cloud platforms become more prevalent, IT
and DevOps teams face additional concerns
and uncertainties related to securing their
cloud instances.
This newly released report reaffirms that
misconfigurations are the primary cause of
cloud security issues. In fact, Trend Micro
Cloud One – Conformity identifies 230 million
misconfigurations on average each day,
proving this risk is prevalent and widespread.
“Cloud-based operations have become
the rule rather than the exception and
cybercriminals have adapted to capitalise
on misconfigured or mismanaged cloud
environments,” said Indi Sirinwasa,
Vice President SSA at Trend Micro. “We
believe migrating to the cloud can be
the best way to fix security problems by
redefining the corporate IT perimeter
and endpoints. However, that can only
happen if organisations follow the shared
responsibility model for cloud security.
Taking ownership of cloud data is paramount
to its protection and we’re here to help
businesses succeed in that process.”
The research found threats and security
weaknesses in several key areas of cloudbased
computing, which can put credentials
and company secrets at risk. Criminals
capitalising on misconfigurations have
targeted companies with ransomware,
cryptomining, e-skimming and data
exfiltration. Misleading online tutorials
compounded the risk for some businesses
leading to mismanaged cloud credentials
and certificates. IT teams can take advantage
of cloud-native tools to help mitigate these
risks but they should not rely solely on these
tools, the report concludes.
Trend Micro recommends several best
practices to help secure cloud deployments:
• Employ least privilege controls:
Restricting access to only those who
need it.
• Understand the Shared Responsibility
Model: Although cloud providers
have built-in security, customers are
responsible for securing their own data.
• Monitor for misconfigured and exposed
systems: Tools like Conformity can quickly
and easily identify misconfigurations in
your cloud environments.
• Integrate security into DevOps culture:
Security should be built into the DevOps
process from the start. •
38