The Accurics study says that
Posted: Sat Feb 08, 2025 3:45 am
Accurics: 93% of Cloud Environments Are Vulnerable
Sergey Stelmakh | 08/06/2020
In its latest “State of DevSecOps” report, Accurics found that the vast majority of cloud environments deployed by organizations are vulnerable to hacking, Information Age reports.
the rate at which vulnerabilities in cloud services spread will increase, as will their scale, and they will likely spread to environments that have at least one network configuration that is not patched by the security team. More than 200 such breaches have been disclosed in the past two years.
In examining the most common threats, Accurics found that all companies in the study had some level of internet access to databases or other private subnets containing sensitive resources. Additionally, despite the widespread availability of tools like AWS Key Management Service (KMS) and HashiCorp Vault, the researchers found that 72% of all bahrain mobile database deployments analyzed had hard-coded private keys.
When it comes to containers, the most common issue was found to be that 84% of companies stored credentials in unprotected container configuration files, while 41% tied high privileges for provisioning compute resources to hard-coded keys. As a result, any vulnerability associated with this could compromise all resources involved.
Another problem that arises in cloud deployments is alert fatigue. This is caused by automatic risk detection combined with a manual approach to resolving them, with only 6% of identified issues being resolved. However, the new Remediation of Code allows organizations to address 80% of risks using automatically generated code.
Sergey Stelmakh | 08/06/2020
In its latest “State of DevSecOps” report, Accurics found that the vast majority of cloud environments deployed by organizations are vulnerable to hacking, Information Age reports.
the rate at which vulnerabilities in cloud services spread will increase, as will their scale, and they will likely spread to environments that have at least one network configuration that is not patched by the security team. More than 200 such breaches have been disclosed in the past two years.
In examining the most common threats, Accurics found that all companies in the study had some level of internet access to databases or other private subnets containing sensitive resources. Additionally, despite the widespread availability of tools like AWS Key Management Service (KMS) and HashiCorp Vault, the researchers found that 72% of all bahrain mobile database deployments analyzed had hard-coded private keys.
When it comes to containers, the most common issue was found to be that 84% of companies stored credentials in unprotected container configuration files, while 41% tied high privileges for provisioning compute resources to hard-coded keys. As a result, any vulnerability associated with this could compromise all resources involved.
Another problem that arises in cloud deployments is alert fatigue. This is caused by automatic risk detection combined with a manual approach to resolving them, with only 6% of identified issues being resolved. However, the new Remediation of Code allows organizations to address 80% of risks using automatically generated code.