Cloud Security Wrapped Reveals Bucket Misconfigurations as Main Concern

Data security was high on the agenda of cloud native businesses around the world this year, as Cyscale’s inaugural Cloud Security Wrapped revealed buckets as the source of most high-severity security alerts.  

The most common misconfiguration the Cyscale cloud security platform identified, prioritized as critical based on our customers’ unique controls, and offered remediation for was: “Ensure buckets have versioning enabled”. 

This suggests that our customers, from as far afield as Europe, the US, and South America, and from industries as diverse as fintech to healthtech, all share a desire to maintain full control of their precious data.  

Check versioning is enabled in buckets 

Versioning in a bucket such as Amazon S3, is an optional capability that means the bucket will keep multiple variations of the same object if the object is updated or changed, instead of overwriting the object. This means you can retrieve and restore every version of every object stored in your bucket, preventing deletion or overwriting of that object. 

In a business that often creates new buckets, or updates objects in storage frequently, Cyscale’s custom controls would check that the buckets are correctly configured. Without this check an organization could easily lose sensitive or important data. This is clearly something a significant portion of our customer base is concerned with. 

Reduce cloud security assessments from weeks to minutes 

Speed is of the essence too. Although we were unable to draw averages from our customer base due to their wildly different internal processes, we were able to establish that broadly speaking, it can take a company up to two weeks to do the necessary data gathering and analysis to identify and assess misconfigurations on cloud resources like buckets. 

This is before a manual prioritization of issues, considered against the company's specific operational and compliance requirements. 

What we could establish universally however, is that a customer using Cyscale was able to onboard their cloud environments (such as AWS) and perform their first scan to identify any misconfigured S3 buckets within 15 minutes.  

The prioritization of identified issues happens in real-time based on custom controls, eg. an S3 bucket discovered without versioning enabled would be flagged as a high-priority alert immediately. 

This reduces a highly manual process taking two weeks, down to a highly automated 15 minutes.  

Cloud risk reduction of up to 70% 

Overall, we were able to reduce our customers’ cloud risk by an average of 16%. While this may not sound a lot, it takes into account many frequently changing cloud estates, where Cyscale is constantly surfacing new issues. We must also consider the rapid development of the Cyscale platform itself, which surfaces new issues as capabilities are deployed.  

One customer did in fact see a 70% reduction in risk, which speaks to our mission of being able to point you towards the top 20-30% of issues that will significantly reduce your risk.  

This finding is also a nod to the time saved by instantly seeing where vulnerable images and code are running within your infrastructure and making those findings prominent, reducing alert fatigue. 

Every customer’s cloud infrastructure is unique, so it’s hard to draw common benefits, but since we introduced the Scopes feature earlier this year, many customers have reported architecture improvements carried out by leveraging asset graphs after segmenting their workloads into useful groups with Scopes.  

Tuesday is the day for security tasks  

Finally, what would a year in review be without an interesting fact? While we were looking at our data set, one day of the week stood out as the most popular day for getting cloud security tasks ticked off, and that was Tuesday.  

What is it about Tuesdays that make them the preferred day for productivity? We can’t say for sure, but we do know one customer topped the productivity leaderboard one particular Tuesday, by breezing through over 4,800 remediations.  

Find unused cloud resources and save money 

That’s not all though. If we dive into the data, there’s more to add to the big picture from small victories achieved by our customers that cannot be measured as easily. 

Periodic IAM (Identity and Access Management) reviews can be accelerated and, in some cases, mostly automated, as Cyscale identifies excessive permissions, left-over users that need offboarding, and optimizes user management by revealing overprivileged accounts or entitlements that are not in use.  

And there is also a great opportunity for cloud security solutions like Cyscale to help reduce your cloud infrastructure costs by identifying left-over and unused resources, as well as shadow infrastructure that has crept into your estate without your knowledge.