Unveiling 290K Cloud Vulnerabilities: Assessment for Security Optimization

Are you confident in your organization’s cloud security? Help AG’s Cloud Security Assessment recently uncovered 290,000 vulnerabilities in just ONE customer’s cloud environment! 

The cloud security team at Help AG conducted a comprehensive assessment for a customer with a 100% cloud-deployed infrastructure. During our assessment, we discovered a staggering 290,000 findings, including: 

• Accounts with unused 90+ day permissions 

Unused permissions pose a significant risk as they provide potential entry points for unauthorized access. Just-in-time provisioning workflow is an effective way to manage these permissions, where access is granted only when required and revoked when no longer needed. This process helps maintain a least-privilege access model and reduces the attack surface. 

• Shadow administrators 

These accounts possess administrative privileges but are not part of the official “Administrators” group. This lack of proper classification leads to insufficient auditing and oversight, increasing the risk of unauthorized actions.  

• Wildcard permissions

Granting blanket access rights to all services can be a dangerous practice, even if they are read-only permissions. A least-privilege approach should be followed, where users are granted access only to the services they require.  

• Non-human identities with built-in roles

Cloud Service Providers (CSPs) often include built-in roles to simplify adoption, but these roles may not follow security best practices. Assigning such roles to non-human identities (e.g., applications or infrastructure) can lead to security breaches and lateral movement within the environment.  

• Accidental public access 

Public access might be necessary for some cloud services (e.g., a website hosted on an AWS S3 bucket), but it’s often granted unintentionally due to insecure defaults or human error. In such cases, anyone can access the service, potentially leading to unauthorized access to sensitive data.  

With our remediation guidance, the customer managed to reduce the number of findings to around 27,000 in just 2-3 weeks. Cloud security is crucial for businesses and should be integrated with Cloud Security Posture Management (CSPM) for maximum effectiveness. 

Help AG empowers your secure cloud enablement by assisting you in carrying out a compliant cloud migration, implementing corrective controls, and delivering assessments to identify security risks in cloud configurations and reveal deviations from recommended cloud security architecture. Our methodologies, technologies, and expertise are custom-tailored to your performance requirements. Our cloud security assessment service is designed to help organizations identify and rectify vulnerabilities before they’re exploited, ensuring a secure cloud environment.   

Don’t leave your cloud security to chance. Let Help AG assist you identifying and remediating vulnerabilities in your cloud infrastructure. Contact us today to have a discussion with our cloud security experts, and let’s schedule an assessment, if that would be useful to understand and mitigate risks in your infrastructure.