A new report by Accurics revealed that cloud app developers are still making the same mistakes, putting their organizations at serious risk.
The report states that development teams are still making common errors and misconfigurations, such as insecure storage buckets, hardcoded passwords, and exposed networking.
This lack of awareness around the impact of default configurations and security groups could lead to accidental leaks or exposures. Development teams should focus on fixing violations and drifts in pre-production environments to ensure the security of the system and of the organization itself.
Moreover, the report points out that the recent SolarWinds Orion hack put issues related to insecure application development back into the spotlight.
The report found that 22.5% of issues are related to poorly configured managed service offerings. As a result, organizations are more at risk of being targeted by cyberattackers who could access their services, read their data, and potentially change things.
The research also highlighted another issue: cloud-based identity and access management (IAM). More than a third of the IAM drifts detected originated in infrastructure-as-code.
These issues are serious and are becoming more and more of a problem, especially as it takes a lot of time to detect and fix them.
The report therefore recommends that cloud developers adopt security-by-default approaches to maximize the protection of organizations, and that they improve communication between development, security, and operations teams.
They should also maintain a good security architecture for their SDLC components and start leveraging Infrastructure as Code to enhance the repeatability, consistency, and speed of the provisioning process.