Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities

In the rush to automate more and more build processes in the cloud, many organizations are adopting infrastructure as code (IaC) to help streamline their operations.

IaC itself is not new, but many companies are adopting it for the first time. As often happens when moving quickly, this is opening them up to new risks.

Using a combination of proprietary Palo Alto Networks data and intel from public sources, the Palo Alto Networks cloud-focused division of Unit 42 analyzed hundreds of thousands of IaC templates. They found that while IaC offers security teams a programmatic way to enforce security standards, much of its power remains largely unharnessed – and in many cases, it’s simply not secure.

Key Unit 42 findings show more than 199,000 potential vulnerabilities in IaC templates. On top of that, more than 43% of cloud databases are currently unencrypted, and only 60% of cloud storage services have logging enabled.

Download and read the full Unit 42 Cloud Threat Report here. You will get fresh insights on:

  • Vulnerabilities in IaC templates and how to avoid them
  • The latest trends in cryptomining and cybercrime operations
  • What is on tap for the remainder of 2020 from a threat perspective

It is crucial to be aware of these vulnerabilities.

Read the full Palo Alto Networks announcement here and the Cloud Threat Report, and you can start deploying best practices to enforce complete cloud security.

Please contact your local Exclusive Networks Account Manager to learn more about protecting the Private and Public Clouds with Palo Alto Networks.