The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.
While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% of granted permissions are not used, which leaves many opportunities for attackers who steal credentials, the report noted.
The data was derived from an analysis of more than seven million containers that Sysdig customers are running daily. The report also considered data pulled from public data sources such as GitHub, Docker Hub, and the CNCF. Customer data across North and South America, Australia, the EU, UK, and Japan was analyzed for the report.