4 Common Cloud Vulnerabilities Which Lead to a Breach

This post is also available in: French German Italian Portuguese (Brazil) Spanish Russian

Moving to the cloud is all about agility and speed, but this agility and flexibility frequently comes at the expense of security, leaving organizations, customers, and their data at risk. As more and more organizations adopt multi-cloud and hybrid cloud strategies, this is adding additional challenges and threat vectors to an increasingly complex environment.

Four Common Cloud Vulnerabilities

Public Exposure: It’s the oldest mistake in the book— spinning-up a new cloud resource but leaving it publicly accessible and completely unsecured. Hackers nowadays routinely employ automated tools which scan target networks for any exposed assets, meaning your unsecured public assets are guaranteed to be discovered.

According to Gartner, by 2021, over 50% of enterprises will unknowingly and mistakenly have some IaaS storage devices, networks, applications or APIs directly exposed to the public internet.

Excessive Permissions: One of the major benefits of moving to the cloud is that it enables fast business operations. However, in the name of expediency, access credentials are frequently handed out in a hasty and unnecessary manner; many users end up with excessive permissions for which they have no business need. The problem is if any of those credentials fall into the wrong hands, attackers will have far-reaching access to sensitive data.

According to Gartner, by 2023, 75% of cloud security failures will result from inadequate management of login credentials, identities, and privileges, up from 50% in 2020.

[You may also like: Cybercriminals Use Automation, Here is Why You Should Too]

Too Many Alerts: This may sound counterintuitive, after all, detection of suspicious activities is a good thing, right? Well, it depends. Are those alerts helping you detect malicious activities, or are they drowning you in noise?

According to a study by IT security firm Bricata, the average SOC receives over 10,000 alerts each day. This is a massive figure, which no human (or team of humans) can realistically deal with. It means security managers must sift through a sea of excessive alerts and false positives to find the important alerts indicative of malicious activity.

Insufficient Context: Everybody talks about ‘context’ but what does it mean? One of the key challenges in security is that looking at any single alert doesn’t tell you very much.

 Is that login in the middle of the night a hacker, or an admin working late?

Is that first time API invocation an act of reconnaissance, or a DevOps engineer going about their business?

 Is that access to a sensitive storage bucket a new feature being released, or the last step in a data breach?

Practically every user activity can be either legitimate or not and looking at just that activity tells you close to nothing.

What you need, instead, is to be able to intelligently correlate events across multiple threat surfaces, application layers, and time span, to be able to connect event A to event B to event C – even if they are months apart – and see when you are under attack and to block it in time.


The cloud is not “more” or “less” secure; it’s different. This means you need defenses which are specifically adapted to the cloud, and to the unique threats you face there.

Although the list of vulnerabilities is endless, working to remediate these four common cloud vulnerabilities will help you a long way in making your cloud more secure.

[Like this post? Subscribe now to get the latest Radware content in your inbox weekly plus exclusive access to Radware’s Premium Content.]

Eyal Arazi

Eyal is a Product Marketing Manager in Radware’s security group, responsible for the company’s line of cloud security products, including Cloud WAF, Cloud DDoS, and Cloud Workload Protection Service. Eyal has extensive background in security, having served in the Israel Defense Force (IDF) at an elite technological unit. Prior to joining Radware, Eyal worked in Product Management and Marketing roles at a number of companies in the enterprise computing and security space, both on the small scale startup side, as well as large-scale corporate end, affording him a wide view of the industry. Eyal holds a BA in Management from the Interdisciplinary Center (IDC) Herzliya and a MBA from the UCLA Anderson School of Management.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center