1、SurveySANS 2022 Cloud Security SurveyWritten by Dave ShacklefordMarch 20222022 SANS Institute2SANS 2022 Cloud Security SurveyExecutive SummaryOver the past several years,we have seen more and more examples of vulnerabilities in cloud assets,cloud service provider outages,sensitive data disclosure,an

2、d breaches involving the use of public cloud environments.Some examples of security issues in the cloud in 2021 include:Amazon Web Services(AWS)experienced a number of significant outages that rendered many websites and online services unavailable.More than three critical outages occurred,leading to

3、 well-known sites like Roku,Delta Air Lines,Disney+,and others being unavailable for hours.Microsoft notified some of its Azure App Service customers that a serious security vulnerability(dubbed“NotLegit”)had caused the exposure of hundreds of source code repositories.This vulnerability meant that c

4、ustomers could unintentionally configure the local.git folder to be created in the publicly accessible content root of the Azure App Service containers,which would put them at risk for information disclosure.Wiz,a cloud security firm,announced the issue in late December.The 2021 Data Breach Investig

5、ations Report1 from Verizon,released in the second quarter of 2021,noted that compromised external cloud assets were more common than on-premises assets in both incidents and breaches.Many attacks targeted credentials that were then used to access cloud-based collaboration and email services,as well

6、.Even with these types of security issues,we continue to see rapid growth in moving workloads to the cloud,building new applications in the cloud,and subscribing to a wide range of SaaS and other cloud services.The goal of the SANS 2022 Cloud Security Survey is to provide additional insight into how