Feb 02, 2022
Public cloud services are designed to be easy to use. So easy, in fact, you only need a credit card to get started. But while it’s easy to spin up a new VM or turn on new services in AWS, Azure, and Google Cloud, doing so securely isn’t as straightforward. According to the latest Verizon Data Breach Investigations Report, most cybersecurity incidents involve cloud infrastructure: a whopping 73% of cybersecurity incidents involved external cloud assets, compared to only 27% last year.
Rapid cloud adoption, multi-cloud provider complexity, and a shortage of IT security skills are further exacerbating the problem by creating a cloud security knowledge gap. To help organizations adhere to best practices, Orca Security is sharing its collection of 900+ cloud risks along with remediation strategies in the new Orca Cloud Risk Encyclopedia.
The Cloud Risk Encyclopedia includes a collection of commonly found cloud security risks along with remediation strategies pulled directly from the Orca Security platform. Users can search or filter risks based on cloud platform, risk category, compliance framework, and risk score. For trending risks, the encyclopedia includes more detailed descriptions, related risks, examples of related incidents, and preventive strategies.
The Cloud Risk Encyclopedia helps promote cloud security best practices by serving as a learning hub for cloud security practitioners, researchers, and developers to:
Leveraging unique insights into current and emerging cloud risks captured from the Orca platform, these are some of the trending cloud risks identified by the Orca research team:
Fortunately, many of the risks that put sensitive data in harm’s way can be easily mitigated – if you know about them. For example, developers might feel like they’re giving back to the community by making AMIs public, but they might not realize that they could be exposing sensitive data at the same time. Or perhaps a freelance developer was given AWS keys (and, as a result, indefinite access to your cloud account) instead of temporary credentials via the Security Token Service. We hope that our new Cloud Risk Encyclopedia will prove to be an essential resource for security practitioners and analysts to get practical information and guidance on how to mitigate cloud security risks and stay informed about new risks as they appear.
Developing in the cloud is easy. Securing the cloud is hard – unless you have Orca Security on your side. The Orca Cloud Risk Encyclopedia is just one more way we’re simplifying cloud security.