Many organizations are automating their cloud infrastructure deployments through code. This allows them to establish a secure configuration baseline early in their DevOps lifecycle, but the security posture of most cloud resources later drifts due to undocumented changes that often remain undetected.
A new study from cloud security company Accurics found that in as many as 90% of cases the configuration of cloud resources was modified by privileged users after deployment. Many of those changes have legitimate business reasons, but others may be the result of malicious lateral movement following a compromise. Insecure configurations are the top cause of data breaches involving cloud resources and cloud-hosted data; if they go undetected and unaddressed, they offer attackers an easy entry point.
Infrastructure as code and a false sense of security
According to Accurics, almost a quarter of all configuration changes in cloud environments are now made via code. This is part of a DevOps process known as infrastructure as code (IaC) or continuous configuration automation (CCA) that has seen increased adoption over the past few years. Most cloud services providers allow customers to provision new resources or cloud instances via machine-readable definition files, or templates, and third-party tools are available that work with multiple clouds.
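The drift the report describes is the gap between what the template declared at deployment and what the cloud API reports later. The following is an added example, not code from the article or from Accurics, of the check a practitioner would run to surface that gap: it diffs a baseline against a live snapshot, reports resources that were modified, created outside IaC, or deleted, and flags only the changes that weaken posture rather than every difference. Both the baseline and the live snapshot are constructed dicts embedded inline (a real tool would pull the live side from the provider's API), and the resource shapes, attribute names and the policy constants `PUBLIC_OK_PORTS` and `ADMIN_POLICIES` are assumptions for the example, not settings from the report.

```python
"""Added example: detect post-deployment drift between an IaC baseline and the
live cloud state. Inputs are constructed dicts; in practice the live side
would come from the cloud provider's API."""
from dataclasses import dataclass
from typing import Any

# Constructed baseline: the resources and settings the IaC template declared.
BASELINE = {
    "sg-web": {"type": "security_group",
               "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    "bucket-logs": {"type": "s3_bucket",
                    "public_access_block": True, "encryption": "aws:kms"},
    "role-app": {"type": "iam_role", "policies": ["ReadLogs"]},
}

# Constructed live snapshot taken later. The differences are deliberate: SSH
# opened to the world, the public access block switched off, an admin policy
# attached, and a bucket that no template ever declared.
LIVE = {
    "sg-web": {"type": "security_group",
               "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                           {"port": 22, "cidr": "0.0.0.0/0"}]},
    "bucket-logs": {"type": "s3_bucket",
                    "public_access_block": False, "encryption": "aws:kms"},
    "role-app": {"type": "iam_role",
                 "policies": ["ReadLogs", "AdministratorAccess"]},
    "bucket-scratch": {"type": "s3_bucket",
                       "public_access_block": False, "encryption": None},
}

# Assumed policy for this example (not from the report): which attribute
# values count as weak. Only HTTP/HTTPS may be open to the whole internet.
WORLD = "0.0.0.0/0"
PUBLIC_OK_PORTS = {80, 443}
ADMIN_POLICIES = {"AdministratorAccess"}


@dataclass(frozen=True)
class Drift:
    resource: str
    kind: str        # "modified", "unmanaged" or "deleted"
    attribute: str   # "*" when a whole resource appeared or vanished
    baseline: Any
    live: Any
    risky: bool      # True when the change weakens security posture


def _canon(value):
    """Order-insensitive form of list attributes so reordering is not drift."""
    if isinstance(value, list):
        return frozenset(tuple(sorted(v.items())) if isinstance(v, dict) else v
                         for v in value)
    return value


def _weak(attr, value):
    """Is this attribute value insecure under the assumed policy?"""
    if attr == "ingress":
        return any(r["cidr"] == WORLD and r["port"] not in PUBLIC_OK_PORTS
                   for r in value or [])
    if attr == "public_access_block":
        return not value
    if attr == "encryption":
        return value is None
    if attr == "policies":
        return bool(ADMIN_POLICIES & set(value or []))
    return False


def detect_drift(baseline, live):
    """Return every difference between baseline and live, flagging risky ones."""
    findings = []
    for rid, spec in baseline.items():
        if rid not in live:
            # A managed resource removed by hand is always worth a look.
            findings.append(Drift(rid, "deleted", "*", spec, None, True))
            continue
        for attr, want in spec.items():
            if attr == "type":
                continue
            got = live[rid].get(attr)
            if _canon(want) != _canon(got):
                # Risky only if posture got weaker, not merely different:
                # tightening a rule is drift too, but not an alert.
                findings.append(Drift(rid, "modified", attr, want, got,
                                      _weak(attr, got) and not _weak(attr, want)))
    for rid, cur in live.items():
        if rid not in baseline:
            # Created outside IaC: nothing to diff against, so judge its own
            # settings directly against the policy.
            risky = any(_weak(a, v) for a, v in cur.items() if a != "type")
            findings.append(Drift(rid, "unmanaged", "*", None, cur, risky))
    return findings


def drifted_share(baseline, findings):
    """Fraction of baseline-managed resources that changed after deployment."""
    touched = {f.resource for f in findings if f.kind != "unmanaged"}
    return len(touched) / len(baseline) if baseline else 0.0


if __name__ == "__main__":
    found = detect_drift(BASELINE, LIVE)
    for f in found:
        flag = "RISKY" if f.risky else "info "
        print(f"{flag} {f.kind:9} {f.resource}.{f.attribute}: "
              f"{f.baseline!r} -> {f.live!r}")
    print(f"drifted share of managed resources: {drifted_share(BASELINE, found):.0%}")
```

Run against the constructed data, all four findings come back flagged risky, and every baseline resource has drifted. The design point is the separation between "different" and "weaker": a drift detector that alerts on every change is tuned out within a week, while one that only compares live state against the policy misses the unmanaged resources that never had a baseline at all, which is why both paths exist.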
The data in Accurics' report comes from surveys of customers, CISOs and design partners, combined with open-source research and the company's own telemetry from analyzing hundreds of thousands of cloud resources deployed in real-world environments.