RedLock Report Indicates Data Breaches in the Cloud Will Continue to Rise

  RedLock Report Indicates Data Breaches in the Cloud Will Continue to Rise

Identifies troubling trends concerning how organizations approach public cloud

Business Wire

MENLO PARK, Calif. -- October 5, 2017

RedLock, the Cloud Threat Defense company, today released a new report based
on research from its Cloud Security Intelligence (CSI) team – a group of elite
security analysts, data scientists and data engineers. The latest “Cloud
Security Trends” report spans research from June through September, 2017,
providing a comprehensive view into major threats and vulnerabilities in
public cloud computing environments despite cloud service providers’ efforts
to educate organizations on shared security responsibilities.

Among key findings in the new report, the RedLock CSI team found that:

  * Data exposures are on the rise because organizations are failing to adhere
    to established security best practices. For example, the report found that
    53% of organizations using cloud storage services such as Amazon Simple
    Storage Service (Amazon S3) have inadvertently exposed one or more such
    service to the public (up from 40% in the May “Cloud Infrastructure
    Security Trends” report). This is after Amazon published a warning on this
    subject to all of its customers. Moreover, the research also revealed that
    48% of PCI checks fail in public cloud computing environments.
  * Vulnerabilities are being neglected in the cloud due to the fact that
    organizations are unable to leverage their existing vulnerability
    management investments that lack context on constantly changing cloud
    resources. The RedLock CSI researchers found that 81% of organizations are
    not managing host vulnerabilities in the cloud, opening up the
    organization to potential attacks or breaches.
  * Risky users are flying under the radar. The research team determined that
    administrative user accounts for public cloud computing environments have
    potentially been compromised at 38% of organizations. Malicious actors
    could use these compromised accounts to infiltrate the cloud environments
    and cause tremendous damage to business operations.
  * Nefarious network activities are rampant. The RedLock CSI team discovered
    37% of databases are accepting inbound connection requests from the
    internet, and 7% of those are receiving requests from suspicious IP
    addresses, indicating they’ve been compromised.
  * And cloud attack kill chains are complex and require a holistic approach
    to cloud threat defense. The research team found a number of Kubernetes
    administrative consoles that were not password protected, creating a
    window of opportunity for hackers. Researchers even found that many of
    these environments were leaking access credentials for various cloud
    environments. To make matters worse, some of these environments had
    already been compromised to mine Bitcoins, which organizations were
    completely unaware of.

“In our second Cloud Security Trends report, the RedLock CSI team found that
organizations are still falling behind in effectively protecting their public
cloud computing environments,” said Gaurav Kumar, CTO of RedLock and head of
the CSI team. “As we’ve witnessed by recent incidents at organizations such as
Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are
real and cybercriminals are actively targeting information left unsecured in
the public cloud. It’s imperative for every organization to develop an
effective and holistic strategy now to protect their public cloud computing

First unveiled in May, the RedLock CSI team’s mission is to enable
organizations to confidently adopt public cloud computing by researching cloud
threats and advising organizations on cloud security best practices. To date,
it has discovered millions of exposed records that contain sensitive data
belonging to dozens of organizations ranging from small businesses to Fortune
50 companies.

Download a copy of the full “Cloud Security Trends” research report at


View source version on


New @RedLockio report identifies troubling trends concerning how organizations
approach public #cloudsecurity


Paula Dunne, +1 408-776-1400
(m) +1 408-893-8750
Press spacebar to pause and continue. Press esc to stop.