A staggering 99% of misconfigured cloud servers in public cloud environments go undetected, according to cybersecurity firm McAfee, putting organisations at risk of a data breach.

The rise of infrastructure as a service (Iaas) – in which cloud providers such as Amazon’s AWS and Microsoft’s Azure effectively rent out the physical infrastructure for other organisations to store their data – has led to a growing number of security incidents caused by human error, as opposed to malware.

Recently, a company left a database containing the personal details of every Ecuadorian online without protection. In another example, Verdict discovered 212,000 Teletext Holidays customer call recordings left public on an AWS S3 bucket.

The problem has become so commonplace that the US Securities and Exchange Commission put out an alert in May this year warning organisations about the risks.

McAfee’s findings, published in ‘Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk Report’, reveals just how widespread the problem of misconfigured public cloud servers is.

Surveying 1,000 enterprise organisations around the world and drawing from the anonymised, aggregated data of “millions of cloud users and billions of events” of its customers, McAfee found that 90% of companies have experienced some kind of security issue when it comes to IaaS.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The findings also showed that while companies claim misconfiguration incidents average 37 per month, the reality is actually 3,500.

99 problems and misconfigured servers is the main one

One way for organisations to keep on top of their cloud security is to carry out an audit of their misconfigurations. However, just 26% of organisations are equipped to do so, according to the findings.

Keeping track of misconfigured servers is made trickier still when companies use multiple cloud service providers. According to McAfee, 76% of respondents said they use multiple IaaS providers. However, McAfee puts the real figure at 92%, based on cloud usage data.

“In the rush toward IaaS adoption, many organisations overlook the shared responsibility model for the cloud and assume that security is taken care of completely by the cloud provider,” said Rajiv Gupta, senior vice president of cloud security at McAfee.

“However, the security of what customers put in the cloud, most importantly sensitive data, is their responsibility.

“To defend against the new era of cloud-native breaches, organisations need to use security tools that are cloud-native, purpose-built for cloud security and address their portion of the shared responsibility model.”


Read more: Financial services embrace hybrid cloud – but challenges remain