5 Key Areas Exposing Your AWS Deployments to Security Threats

August 18, 2021
Vectra AI Security Research team
Cybersecurity
5 Key Areas Exposing Your AWS Deployments to Security Threats

Let’s be honest, the cloud has come at us fast this past year—especially if you’re a security practitioner. Like lining up to race Usain Bolt in the 100 meters kind of fast. Only he’s the cloud and you’re trying to keep up. As soon as you get set, he’s already crossed the finish line and is onto the next deployment. What do you defend? Where do you focus your efforts and resources and how do you make sure all of your services are secure when you know threats are lurking?  

And it’s not that they’re just lurking, we recently surveyed hundreds of security professionals who work to secure Amazon Web Services (AWS) and found that every participating organization had experienced a previous cloud security incident. The full findings are in the latest State of Security Report that provides insight from CISOs, security architects, engineers and DevSecOps professionals who share how their organizations are utilizing and securing AWS.  

You’ll discover how organizations are utilizing Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) across AWS to rapidly develop and deploy workloads, while security teams are often struggling to keep up with potential vulnerabilities. In addition to the free report, you can also take a look at the five cloud security blind spots that were uncovered as well. But for now, let’s get to the 5 exposure areas in cloud deployments that can leave your organization susceptible to threats like ransomware.  

1. Common Customer Misconfigurations in AWS

AWS Cloud statistic: Through 2025 99% of cloud security failures will fall on the customer

While the benefits of greater speed and agility that come with the cloud enable faster delivery of applications, these advantages need to be balanced against security risks that arise from increasingly complex and constantly evolving deployments. In fact, Gartner states that through 2025, 99% of all cloud security failures will fall on the customer. Misconfigurations or mistakes are inevitable but by utilizing artificial intelligence (AI) you’ll gain visibility into account creation, account changes and how services are being used to identify when something isn’t right.  

2. Increased Access and Risk in AWS Deployments

AWS Cloud statistic: 71% of organizations have more than 10 people accessing AWS

The report findings reveal that 71% of participating organizations have more than 10 users with access and the ability to modify the entire AWS infrastructure. With more users granted access to AWS, risk exponentially increases as even one compromised account by an attacker would spell disaster. The challenges of securely configuring the cloud are expected to continue for the foreseeable future due to sheer size, scale and continuous change.

Infographic: Securing IaaS & PaaS: Today’s Reality

3. Risks of Informal AWS Deployment Sign-Off Processes

AWS Cloud statistic: 64% are deploying new services on a weekly or daily basis.

The cloud has expanded to such an extent that securely configuring it with continued confidence is nearly impossible. Almost one-third of organizations surveyed have no formal sign-off before pushing to production, and 64% of organizations are deploying new services weekly or even more frequently. Not having a set sign-off procedure in place doesn’t always mean security isn’t prioritized, but it’s important that security teams are involved in deployments and ideally would be part of a formalized sign-off process.

4. High-Risk AWS Services Implementation  

AWS Cloud statistics: 71% of those surveyed use 4 or more services while only 29% use only S3, IAM and EC2

The survey cites that 71% of respondents use more than four AWS services, leaving themselves even more vulnerable to exploitation, while only 29% use three AWS services—S3, EC2, IAM. This shows that organizations are blind to threats in the services that aren’t covered with native security controls offered in the bottom three services. We also found that 64% of DevOps respondents are deploying new services at least once a week. As enterprises move their high-value data and services to the cloud, it’s imperative to control cyber-risks that can take down their businesses.  

5. Challenges of Investigating Different AWS Regional Consoles  

AWS Cloud statistic: 40% of organizations are running AWS across threat of more regions

Data shows that 40% of participating organizations are running AWS across three or more regions. The challenge here is that native threat detection tools offered by cloud service providers require a single console for each region, so security teams have to manually investigate the same threat in each regional console. Attacks are rarely confined to one region as well, which puts organizations at a disadvantage during detection efforts because they lose a holistic view. In this case, native tools will only hold them back and may augment the risk of a successful breach.

By making sure your bases are covered in these areas during your cloud journey, you’ll be in much better position to reduce the risk of compromise and exposure to today’s ransomware attacks. 

And, if you’d like to see and stop threats against your AWS environment, get a free demo today!

FAQs

What are the common misconfigurations in AWS deployments?

Common misconfigurations include improper access controls, insecure settings, and lack of encryption.

What are the risks of not having a formal deployment sign-off?

Not having a formal sign-off process can result in unreviewed changes and overlooked security vulnerabilities.

What are the challenges of investigating AWS deployments across regions?

Investigating across regions can be complex due to separate threat detection consoles and lack of a unified view.

What are the benefits of formal sign-off processes in AWS deployments?

Formal sign-offs ensure that changes are reviewed, approved, and secure before deployment.

What is the impact of customer misconfigurations on AWS security?

Misconfigurations can lead to security breaches, data loss, and unauthorized access to sensitive information.

How does increased access risk affect AWS security?

Increased access risk can lead to unauthorized access and potential data breaches if not properly managed.

Which AWS services are considered high-risk?

High-risk services include those with broad permissions and access, such as S3, IAM, and EC2, without proper controls.

How can organizations improve AWS security configurations?

Organizations can use automated tools, regular audits, and adherence to best practices to improve configurations.

What are the benefits of formal sign-off processes in AWS deployments?

Vectra AI provides continuous threat detection and response, improving visibility and security in AWS environments.

How can organizations manage access to AWS deployments effectively?

Effective access management includes using IAM policies, role-based access, and regular audits to control access.