Express Computer
Home  »  Cloud  »  4 in 10 organisations have a cloud workload that is publicly exposed: Tenable

4 in 10 organisations have a cloud workload that is publicly exposed: Tenable

0 45

Tenable today released the Tenable Cloud Risk Report 2024, highlighting that organisations globally and in India are unknowingly exposed to the “toxic cloud triad,” a trifecta of cloud security risks that could lead to severe data breaches and financial losses.

The report is based on extensive analysis of billions of cloud assets across data gathered from billions of cloud assets across multiple public cloud environments. The data collected during the first half of 2024 (Jan – Jun) includes a comprehensive set of cloud workload and configuration information from real-world cloud assets in active production.

The Toxic Cloud Triad

With the rapid adoption of cloud technology across industries in APAC, the report underscores the challenges posed by misconfigurations, excessive permissions, and critical vulnerabilities that open doors to threat actors. The findings reveal that 38% of organisations have at least one publicly exposed, critically vulnerable, and highly privileged cloud workload, forming the toxic cloud triad.

Many breaches reported worldwide in 2024 resulted from 1-day vulnerabilities exploited on exposed workloads. Of these, some of the most dangerous breaches involved lateral movement by using the privileges of the compromised workloads.

“With cyber risks spreading across every corner of the business, the threat level has become unsustainable,” said Rajnish Gupta, Country Manager, Tenable India. “To tackle the biggest vulnerabilities, organisations need to understand toxic cloud triads and other risky combinations—and know exactly what data is exposed. Attackers exploit the gaps, slipping through outdated defences that can’t keep up or react fast enough.”

Additional key findings from Tenable’s Cloud Research team include:

84% of organisations have risky access keys to cloud resources: The majority of organisations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses a substantial risk.

23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions.

Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing.

74% of organisations have publicly exposed storage: 74% of organisations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks.

78% of organisations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organisations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image