Skip to content
Join the Censys Community Forum: Connect, Share, and Thrive! | Start Here

Cloud Misconfiguration Mayhem

An Analysis of Misconfiguration of Services Across Providers

Misconfiguration of the cloud is the #1 cause of cloud-based data breaches as Cited by Gartner. Our team started investigating and compiling data in March 2021 from a dozen popular cloud providers in the industry, including the 2020 Gartner Magic Quadrant Cloud Providers.


The increase and ease of cloud computing has created significant security challenges that every organization is trying to effectively manage. The cloud has amplified the age old problem around ensuring you have confident inventory of all your assets and that they are secure. This research aims to provide data-driven insights into service exposures on the cloud that can have severe business consequences in a few impact areas: data breaches, malware, ransomware, and services that may leave organizations vulnerable to attacks like credential stuffing.

Key Findings

  • Our research identified nearly 2M database exposures across cloud providers. We found 1.93M Internet-facing database services during our research and include the following database services: MySQL, Postgres, Redis, MSSQL, MongoDB, Elastic Search, Memcached, and Oracle Databases.

  • We found more than 1.9M RDP exposures across the dozen cloud providers we investigated. Internet-facing RDP services have posed significant risk across the industry due to the rise in ransomware attacks. The total RDP exposures, however, only made up a small percentage of total services observed in all dozen cloud providers we investigated at only 2.2%.

  • Users of OVH were more likely to expose MySQL database services relative to other providers and users of Tencent were significantly more likely to expose RDP services. We calculate the rate of prevalence of a service per 100,000 hosts in a provider to control for the sheer size differences in cloud infrastructure. Controlling for size, this metric gives us interesting insights into user behavior across cloud providers when it comes to exposures like database and remote administration tools like RDP and SMB.

Additional Topics we’ll address

  • The rates of misconfiguration of Internet-facing services across cloud providers.
  • Analysis and insights to support CISOs & improve their visibility across Internet-facing assets.
  • How Censys Labs leveraged data to understand misconfigurations exposed across the Internet.
  • ShadowCloudTM: We believe it’s not all bad and can be a sign of innovation, we’ll highlight the types of risks to watch out for.
  • How you can find your own system of external records before any hacker could & create a continuous monitoring system to baseline performance

Dive Deeper

This research paper is covered in our webinar and Q&A Data-driven Approaches to Finding Misconfiguration across Cloud Providers. The webinar will dive deeper into how we leverage our incredible visibility of the Internet. We’ll cover what tools aren’t giving organizations, especially fortune 500 companies, a holistic picture of the cloud, and which tools do. Stream it now!

Download the Report

Attack Surface Management Solutions
Learn more