With cloud technology constantly evolving and growing increasingly critical to business operations, the responsibility of security professionals to stay abreast of the state of the cloud has never been greater in order to proactively address potential threats and ensure the safe and secure deployment of cloud solutions.
Over the past year, we have observed how cloud adoption has continued to grow with more organizations increasing their footprint in the cloud. Many new capabilities were introduced, with the number of possible API calls increasing by 15% in AWS, 20% in Azure, and 45% in GCP.
Although new services and their corresponding APIs expand the possibilities of how the cloud can be utilized, they can also broaden attack surfaces and create more challenges for cloud defenders. According to our data, 57% of companies use more than one cloud platform and therefore require greater knowledge and expertise from their security teams who need visibility into multiple platforms as well as the interfaces between them.
Besides novel cloud risks, well-known prevalent risks such as data exposure are also of concern. For instance, our data shows that 47% of companies have at least one database or storage bucket publicly exposed to the internet, and an attacker can discover and access an exposed bucket with a guessable name (e.g. “wiz-backup”) in less than 13 hours.
In this data-driven report, based on our scanning of over 200,000 cloud accounts, including more than 30% of the Fortune 100 environments, we analyze the latest industry trends and developments, presenting a factual and data-based assessment of the current state and progression of cloud technology. We examine how the cloud has evolved over the past year and attempt to shed light on some of the complexity of cloud environments, such as organizational usage of multi-cloud and both managed and non-managed services. We hope this can help cloud builders and defenders ensure they have the visibility and tools that they need to continue their cloud growth and protect their company’s assets. In addition, we will review notable cloud threats from last year and provide insight into the speed of compromise of misconfigured environments.Download the full report