Palo Alto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities

• Unit 42 Cloud Threat Report uncovers 199,000 insecure cloud templates, finds 43% of cloud databases unencrypted

Palo Alto Networks, the global cybersecurity leader, recently released research showing how vulnerabilities in the development of cloud infrastructure are creating significant security risks.

The Unit 42 Cloud Threat Report : Spring 2020 investigates why cloud misconfigurations happen so frequently. It finds that as organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks are being crafted with rampant vulnerabilities.

Key findings include:

  • 199,000+ insecure templates in use : Unit 42 researchers identified high- and medium-severity vulnerabilities throughout their investigation. Previous research by Unit 42 shows 65% of cloud incidents were due to simple misconfigurations. These new report findings shed light on why cloud misconfigurations are so common.
  • 43% of cloud databases not encrypted : Keeping data encrypted not only prevents attackers from reading stored information, it is a requirement of compliance standards, such as HIPAA.
  • 60% of cloud storage services have logging disabled: Storage logging is critical when attempting to determine the scale of the damage in cloud incidents, such as the U.S. voter records leak in 2017 or the National Credit Federation data leak that same year.
  • Cybercrime groups are using the cloud for cryptojacking : Adversary groups likely associated with China, including Rocke, 8220 Mining Group and Pacha, are stealing cloud resources. They are mining for Monero, likely through public mining pools or their own pools.

The report was conducted by Unit 42’s cloud research team using a combination of publicly available data and proprietary data from Palo Alto Networks.


While IaC offers organizations the benefit of enforcing security standards in a systematic way, this research shows that this capability is not yet being harnessed. Matthew Chiodi, chief security officer of public cloud for Palo Alto Networks, notes: “It only takes one misconfiguration to compromise an entire cloud environment. We found 199,000 of them. The good news is infrastructure as code can offer security teams many benefits, such as enabling security to be injected early into the software development process and embedding it into the very building blocks of an organization’s cloud infrastructure.”


As the Unit 42 Cloud Threat Report continues to highlight increasing security risks in cloud environments, Prisma™ Cloud by Palo Alto Networks delivers comprehensive security for cloud native applications throughout the development lifecycle, in and across any cloud.

Prisma Cloud is the only Cloud Native Security Platform (CNSP) that delivers best-in-class capabilities in all key areas: visibility, governance and compliance, compute security, network protection, and identity security.