Skip to content

Cloud Infrastructure Vulnerabilities to Increase 50%, but Misconfiguration Still Main Concern

Despite the growing number of vulnerabilities in cloud infrastructure services, containers and other products with a prominent role in cloud enablement, cyber hygiene still biggest risk

SAN JOSE, Calif.
October 24, 2019

Key findings of the report include:

  • Vulnerabilities affecting cloud IaaS solutions likely to increase 50% over 2018 figures
  • Cloud container vulnerabilities have increased by 82% thus far in 2019
  • Third-party cloud plugins and apps further expanding the attack surface
  • Misconfigurations the greatest risk to cloud security

Skybox® Security, a global leader in cybersecurity management, today announced the release of its 2019 Cloud Trends Report. The report, compiled by the team of security analysts at the Skybox® Research Lab, analyzes vulnerability trends and other risks in cloud infrastructure as a service (IaaS). Its analysis also concerns other technologies relevant to the use of IaaS such as containers, orchestration platforms and devops tools. In addition to analysis findings, the report also provides guidance on best practices to improving cloud security capabilities in light of these trends.

“Vulnerabilities within IaaS cloud solutions are naturally going to continue to climb as these services are more widely adopted,” said Skybox Chief Technology Officer Ron Davidson. “Organizations would be wise not to be too distracted by this increase in vulnerability reports. The biggest cloud insecurities don’t exist within the service provider’s infrastructure itself, but in the way that companies implement and manage the technology. Without proper security considerations and oversight, misconfigurations and policy violations may abound. These process-related issues are hiding in plain sight within organizations — and they present the greatest risk.”

“Risks within cloud environments are difficult to manage in many organizations simply because the traditional tools, processes and teams are often ill-equipped to handle the volume and velocity of change in cloud environments.” Said Amrit Williams, VP of products at Skybox. “Handling the security and management of disparate infrastructures is incredibly complex, so many organizations are being forced to rethink how to maximize the effectiveness of their cloud deployments while maintaining efficiency. This report highlights the need for organizations to try and unify their methodologies across their hybrid infrastructure, while still understanding there are unique challenges with cloud.”

To read the full report, click here.

About Skybox Security

Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

Media Contact

Ashley Nakano | Corporate Communications

We are Skybox. Secure more, limit less.

© 2021 SC Media. CyberRisk Alliance, LLC. All rights reserved. Used under license.

© 2021 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.

The industry’s most comprehensive and accurate exposure analysis.


Our executive team is comprised of seasoned Silicon Valley business leaders and cybersecurity experts.


We pioneered the leading Security Posture Management Platform that powers proactive cybersecurity programs.