Public cloud services are designed to be easy to use. So easy, in fact, you only need a credit card to get started. But while it’s easy to spin up a new VM or turn on new services in AWS, Azure, and Google Cloud, doing so securely isn’t as straightforward. According to the latest Verizon Data Breach Investigations Report, most cybersecurity incidents involve cloud infrastructure. In fact, a whopping 73% of cybersecurity incidents involved external cloud assets, compared to only 27% last year.
Rapid cloud adoption, multi-cloud provider complexity, and a shortage of IT security skills are further exacerbating the problem by creating a cloud security knowledge gap. To help organizations adhere to best practices, Orca Security is sharing its collection of 900+ cloud risks along with remediation strategies in the new Orca Cloud Risk Encyclopedia.
What is the Orca Cloud Risk Encyclopedia?
The Cloud Risk Encyclopedia includes a collection of commonly found cloud security risks along with remediation strategies pulled directly from the Orca Security platform. Users can search or filter risks based on cloud platform, risk category, compliance framework, and risk score. For trending risks, the encyclopedia includes more detailed descriptions, related risks, examples of related incidents, and preventive strategies.
Cloud Security Learning Hub
The Cloud Risk Encyclopedia helps promote cloud security best practices by serving as a learning hub for cloud security practitioners, researchers, and developers to:
- Find information on cloud security risks: The encyclopedia includes detailed risk descriptions and recommended remediation steps to help security teams address cloud security risks in their environment.
- Learn about best practices for breach prevention: By providing a comprehensive collection of cloud security risks along with best practices, security teams can implement preventive measures to improve their security posture.
- Find out which cloud security risks are the most critical: By searching on the highest score (Compromised), security professionals can learn what risks they should be focusing on most.
- Check which risks apply to particular compliance frameworks: By filtering risks on a particular compliance framework or CIS benchmark, security professionals can research the relevant cloud security risks that affect compliance status.
- Stay up-to-date on new cloud security risks and discoveries: The encyclopedia is updated regularly so security practitioners and analysts can stay informed of trending risks, including new discoveries like Superglue and BreakingFormation.
Trending Cloud Risks
Leveraging unique insights into current and emerging cloud risks captured from the Orca platform, these are some of the trending cloud risks identified by the Orca research team:
- IAM Role with Cross-Account Access Without External ID or MFA
- AWS S3 Bucket Allows Public READ Access
- Password in shell history
- Sensitive Information in Git Repository
- IAM User with Admin Privileges
Raising Cloud Risk Awareness
Fortunately, many of the risks that put sensitive data in harm’s way can be easily mitigated – if you know about them. For example, developers might feel like they’re giving back to the community by making AMIs public, but they might not realize that they could be exposing sensitive data at the same time. Or perhaps a freelance developer was given AWS keys (and, as a result, indefinite access to your cloud account) instead of temporary credentials via the Security Token Service. We hope that our new Cloud Risk Encyclopedia will prove to be an essential resource for security practitioners and analysts to get practical information and guidance on how to mitigate cloud security risks and stay informed about new risks as they appear.
Developing in the cloud is easy. Securing the cloud is hard – unless you have Orca Security on your side. The Orca Cloud Risk Encyclopedia is just one more way we’re simplifying cloud security.