Singapore, July 13 2021 — Horangi, a Singapore-headquartered cybersecurity company providing solutions optimized for cloud-based organizations across Southeast Asia, has identified misconfigured Cloud infrastructure as an area of significant concern for cybersecurity in the region. This is an area often overlooked by organizations, and could potentially have dire consequences with organizations adopting a Work From Home (WFH) approach due to the COVID-19 pandemic, a development which has accelerated the move to cloud.
This observation was derived through Horangi’s analysis of just over 1 million configurations of cloud infrastructure conducted by its flagship security solution, the multi-cloud application, Warden. Approximately 265,000 configurations, 25% of the total number evaluated, uncovered misconfigurations that could be leveraged by threat actors as attack vectors. These misconfigurations commonly include unrestricted outbound access as well as access to network ports that could be used to gain unauthorized entry into an organizations network.
The analysis also included other cloud related vulnerabilities that could collectively impact the overall security risk posture of an organization, these being:
- Identity and Access Management (IAM)
88% of organizations possessed unused IAM credentials while 63% of organizations had inactive users still registered in their database, raising risks of unauthorized access when credentials fall into the wrong hands
Network Access Control
84% of organizations allowed unrestricted access to network ports that bad actors could leverage to launch attacks or to gain unauthorized access to the organization
- Audit Logging
78% of organizations had gaps in their ability to audit changes to their infrastructure, causing them to be lacking in full visibility across their entire cloud environment and limiting forensic investigation of breaches, while 91% of organizations also see gaps in their monitoring of sensitive changes
A global JLL survey saw an overwhelming 72% of respondents indicating a preference to continue remote working arrangements in the post-pandemic economy. The attack surface increases with each decentralized workspace, elevating the size, scope, and complexity of cybersecurity. Gartner has found that nearly all successful attacks on cloud services may be attributed to misconfiguration, mismanagement and mistakes when setting up cloud infrastructure, raising the stakes in the remote future of work. An increased reliance on virtual platforms and communications methods have also seen an uptick in phishing as well as ransomware attacks, leading to personal and important data information loss.
“In the new reality, IT leaders will need to re-focus efforts and investment on remote work security policies, access control, identity and access management, privileged access management, security awareness training, endpoint protection, data loss prevention, and supply chain risk concerns to mitigate breaches and attacks. Solutions such as Cloud Security Posture Management (CSPM) applications can enable the proactive identification and remediation of vulnerabilities, helping to improve organizational risk postures for the region’s increasingly cloud-first organizations,” said Paul Hadjy, CEO and Co-Founder at Horangi, as the company updates Warden with real-time threat detection capabilities.
There are two categories of services available to end-users in ensuring application-level cloud security. Native Cloud Security offered by Cloud Service Providers (CSP) such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) within their existing infrastructure, and Third-Party Security, which are out-of-the-box solutions offered by non-CSPs that aim to address the shortfalls of the former.
“While Native Cloud Security tools may be sufficient for businesses with a single cloud environment, third party options may be a more viable option for organizations that need to manage large or critical cloud workloads, and have multiple cloud service accounts,” added Hadjy. “Third-Party Cloud Security can value-add to internet businesses in complex and highly regulated industries such as finance, healthcare, services and government, while being fully supported operationally to scale flexibly according to business needs and developments.”
Having just obtained the Amazon Web Services (AWS) Security Competency and Public Sector Competency, Horangi remains well poised to capitalize on the growth of cloud computing in Southeast Asia, forecasted by IDC to reach US$40.32 billion by 2025. Reaffirming its market leading position and the strength of its solutions, Horangi joins a select list of companies to be accredited by the Infocomm Media Development Authority of Singapore (IMDA) in its Accreditation@SG Digital programme managed in collaboration with the Cyber Security Agency of Singapore (CSA). This forms part of the city state’s vision to improve the quality of Singapore’s SME cybersecurity landscape, with Horangi positioned alongside other qualified contenders to government and large enterprise buyers wishing to boost their digital security capabilities.
For an in-depth analysis of the competitive advantages provided by Third-Party over Native Cloud Security solutions, please download Horangi’s Whitepaper ‘The Hitchhiker’s Guide to Cloud Security’ here.