Q: What are the most Common Misconfigurations on the Cloud, that could lead to compromise, breach or an attack?
A: Private clouds are iron clad and even public cloud networks have strong security. Surprisingly then, a recent research study conducted by a global market intelligence firm found that almost all (98% to be precise!) companies they surveyed had experienced at least one cloud data breach in the past 18 months. Using automated tools, hackers are able to scan the internet for cloud misconfigurations within minutes of their inception – finding them in no time. We see that with the move towards the cloud, many misconfigurations are unfortunately overlooked.
The cloud can be secure, only if you believe in dual responsibility. Ensure your assets are safe by keeping these 5 Common Cloud Misconfigurations in mind.
1. IAM Policy Errors
2. Disabled Logging and Monitoring
3. Overly Permissive Access to Hosts, Containers & VMs
4. Backup Storage Location Misconfigurations
5. "Secrets" Management
The trick to preventing cloud misconfigurations are to:
1. Keeping an inventory of your services and their status,
2. Checking the guidance of the cloud services provider (e.g. for Azure cloud environments, Microsoft provides the Azure Secure DevOps Kit), and
3. Regular testing and continuous monitoring
Don't miss the cool infographic!