Misconfiguring buckets in Amazon Web Services (AWS) can leave an organization's sensitive data exposed, illustrating the risks of operating workloads in the cloud. A new research report reveals the immediate risks and threats that can be created by deploying workloads in public clouds without the proper security guardrails, security services, or security best practices.
On 19 June, 2018, Lacework is scheduled to release its research, Containers at Risk, which discovered more than 22,000 container orchestration and application programming interface (API) management systems on the Internet – Kubernetes, Mesos, Docker Swarm, and more – highlighting the potential for attack points caused by misconfiguration and weak protocols. The large majority (95%) of the open admin dashboards were hosted inside of AWS.
"The immediate issue is that if somebody gets access to container orchestration systems, they can do anything within the console, from accessing information to the actual machines. One of the big messages here is that the security people in companies that are migrating to the cloud need to get back in the fold. They need to bridge this big gap that exists between developers and security," said Dan Hubbard, chief security architect at Lacework.
On the heels of the Weight Watchers breach in which a Kubernetes console was left exposed on the web without password protection, the report is a reminder that organizations embracing the new technologies underlying modern IT infrastructure – public clouds, virtual machines, containers and API-based environments – need to continuously validate the configuration of their cloud resources for security best practices.
"Cloud misconfigurations are completely avoidable if organizations proactively monitor their cloud computing environments. The incident at Weight Watchers is just another reminder for organizations to ratchet up their compliance and security posture in the cloud," said Varun Badhwar, CEO and co-founder, RedLock. "Cloud resources should be automatically discovered when they’re created and monitored for compliance across all cloud environments. Further, organizations should implement policy guardrails to ensure that resource configurations adhere to industry standards."