Almost half of the world’s organizations have suffered a cyberattack due to poor infrastructure-as-a-service (IaaS) visibility and access management.
This is according to a new report from SailPoint, which claims that businesses are failing to prioritize proper identity governance controls for IaaS platforms as they would for other parts of the business.
Making matters worse, three quarters of businesses use more than one IaaS provider and almost half use three or more. This practice has become extremely common during the Covid-19 pandemic, as businesses rushed to shift into the cloud to minimize costs and provide ongoing business flexibility.
In an attempt to tame unwieldy IaaS environments, businesses start using more tools, which introduces complications in the context of access management and cybersecurity.
With a third failing to regularly review governance, businesses aren’t paying enough attention to who can access what, SailPoint claims.
“Understanding who exactly has access to what, and when, is critical in order to protect the enterprise network against trespassers. IaaS might be a newer area of the business, but the rule is just as critical here,” said Ben Bulpett, EMEA Director at SailPoint.
“IaaS is a business-critical technology that speeds up and enables today’s digital organizations; however, without proper governance, this can represent a significant cybersecurity risk.”