New research highlights security risks of cloud-native environments
Written by James Orme Tue 23 Feb 2021

On average it takes security shops 25 days to fix cloud-native misconfigurations
25 percent of cloud-native breaches are due to managed services configured to default security profiles or with excessive permissions, new research has revealed.
Cloud security company Accurics detailed the findings in a new report highlighting the increasing security dangers of cloud-native environments.
One type of attack strategy the company identified as a rising concern is “watering-hole” attacks, where hackers gradually leverage weaknesses to deliver malware to end-users, gain unauthorized access to production environments or their data, or completely compromise a target environment.
This strategy was deployed by the attackers behind the high-profile SolarWinds attack.
Accurics warned that cloud development processes that leverage managed services are more exposed than those in on-premise environments.
Accordingly, enterprises should assume the entire development process is easily accessible, and restrict access to only the users who need it, the company added.
‘Critical implications’
“Cloud-native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” said Accurics Co-founder, CTO & CISO Om Moolchandani.
“Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity. However, these teams unfortunately aren’t keeping up with the associated risks – we see a reliance on using default security profiles and configurations, along with excessive permissions.”
The report revealed that the mean time to remediate issues (MTTR) for violations is 25 days across all environments, which it described as a “luxury for potential attackers”.
More worryingly, critical cloud infrastructure components take even longer to fix: load-balancing services, for example, take an average of 149 days to remedy.
Configurations that cause organisations to “drift” away from established secure infrastructure postures take on average 8 days to remediate, it added.
Other findings that should be cause for concern for any organisation adopting cloud-native tools and processes include:
- Kubernetes – 35% of K8s users implementing role-based access controls (RBAC) often fail to define roles at the proper granularity, leading to credential reuse and the chance of misuse.
- In Helm charts, 48% of violations were caused by insecure defaults. The most common mistake is improper use of the default namespace – where system components run – which could give hackers access to system components or secrets.
- The rapid adoption of Identity and Access Management as Code is increasing the risk of misconfigured roles.
- 10% of organisations are paying for advanced security capabilities that are never enabled.
Accurics said cloud-native organisations need to adopt a fundamentally new approach that embeds security earlier in the development lifecycle and maintains a secure posture throughout. This is commonly known as a DevSecOps approach.