Nearly all cloud storage deployments are misconfigured

News
By published

Improperly setup cloud storage could present hackers with a golden opportunity.

Best virtual desktop
(Image credit: Shutterstock/Bluebay)

A large majority of cloud deployments feature misconfigured storage services, new research has claimed.

Upon analyzing a batch of cloud deployments from a range of different businesses, researchers from Accurics, found that a worrying 93% had misconfigured storage services. The majority also contained at least one network security exposure that had been left open during deployment.

The Accurics team suggests that new trends in poor security management are leading to these exposures as “one in two deployments had unprotected credentials stored in container configuration files”. More worryingly, 41% of the organizations evaluated had left a hardcoded high privilege key in a config file. A breach involving such a key would expose all associated resources. 

A high-profile attack on communications services provider Twilio recently demonstrated the potential danger of cloud storage misconfigurations like those reported by Accuris. In mid-July, an opportunistic attacker accessed a Twilio S3 bucket with public write permissions. The attacker was then able to upload a malicious batch of code that may have been live on Twilio’s CDN for up to 24 hours.

Cloud storage risks

Besides leaving hardcoded keys in configuration files, the Accurics study identified two other commonplace errors made when deploying cloud storage. The first is the use of unnecessarily permissive IAM (Identity and Access Management) policies that could enable an attacker to take control of a sensitive cloud resource. 

The other frequent mistake involved network exposures generated by risky routing rules. Resources that were designated as private were, in fact, commonly exposed due to connections between the private subnets that contained them and public subnets. In fact, in each one of the deployments considered by the study, at least one networking route existed that could be used to access a private subnet from the open internet.  

Accurics noted the “inconvenient truth” that cloud deployments tend to drift away from a secure state over time. This means that cloud infrastructure security must be a focus throughout the lifetime of any deployment. It’s vital that issues are mitigated prior to cloud provisioning, and deployments should be continually monitored for risk once in use.

Jacob Parker
Latest in Pro
Branch office chairs next to a TechRadar-branded badge that reads Big Savings.
This office chair deal wins the Amazon Spring Sale for me and it's so good I don't expect it to last
Saily eSIM by Nord Security
"Much more than just an eSIM service" - I spoke to the CEO of Saily about the future of travel and its impact on secure eSIM technology
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
FlexiSpot office furniture next to a TechRadar-branded badge that reads Big Savings.
Upgrade your home office for under $500 in the Amazon Spring Sale: My top picks and biggest savings
Beelink EQi 12 mini PC
I’ve never seen a PC with an Intel Core i3 CPU, 24GB RAM, 500GB SSD and two Gb LAN ports sell for so cheap
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
More about pro
Page shows the getting started page on the Notability app.

I enjoyed testing this satisfying note-taking app, but its collaboration skills were weak
Asus NUC 15 Pro+

Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop

One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
See more latest
Most Popular
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora