Estimated reading time: 2 minutes, 57 seconds

Poorly configured cloud environments are proving to be the source of data breaches and leaks. This raises serious concerns for companies that have migrated their operations to the cloud. The number of leaks has increased significantly over the past few years, while the potential impact that they pose to organizations also has risen. Sadly, many of these leaks end up going unnoticed depending on the size of the party affected or the sensitivity of data leaked. Over the past few years, some organizations such as Facebook among others, have had data subjected to potential abuse due to misconfiguration issues.

Although some people might not have heard about them, security professionals understand that data breaches that have taken place in different companies. More than 62% of industry experts warn that cybersecurity breaches in the cloud originate from misconfiguration which they identify as the biggest danger to cloud storage and security of data. Ecuadorian data analytics company Novestat, for example, had data of more than 20 million people compromised due to failure to secure its Elasticsearch server. Another example of such exposure is the LionAir exposure which resulted from AWS S3 buckets that contained personally identifiable information (PII) that was left exposed. The information that was held there included passport numbers among others and such a mistake left it completely exposed.

At the top

Cloud Security Alliance Top Threats in their 2019 report lists infrastructure, data breaches, and misconfiguration as the leading three risks in cloud usage. This is because not every user of the cloud is an expert although most of those who have the responsibility to manage cloud on behalf of the consumers are professionals. Therefore, most organizations that use the cloud are yet to understand the threats that these issues present, and lack knowledge on the importance of the role of shared responsibility. With proper collaboration between cloud service providers and the user can deliver proper security. This collaboration makes a massive difference in cloud usage. According to Bergsma, insecure default configurations are the root cause of access control problems such as privileged access that can result in breaches and loss of data. Similarly, the lack of adequately defined parameters in networks leads to inadequate trust mechanisms and vetting of resources.


Many modern organizations ignore their duties regarding cloud data security. The latest research indicated that only 32% of organizations believed that it is their responsibility to protect data in the cloud.  Most of them do not believe in shared responsibility which is further complicated by a confusing supply chain. The bad thing, however, is that many enterprises are now in the process of adopting cloud solutions. Nominet, in their recent survey noted that 88% of respondents agreed that they are currently in the process of adopting cloud solutions. Although it is the intention of most of these organizations to migrate to the cloud, security mindsets and their respective strategies are still on-premise. This mentality is what has caused organizations and individuals to continue ignoring configurations that could have otherwise helped protect data.

Although many cloud service providers do a decent job in advising their respective customers on the best practices for securing the cloud, most of them do not supply all the details regularly to support their customers. As the terrain continues becoming more complex, organizations must do what it takes to redefine the security of data in the cloud and enforce adequate security controls close enough to the data. They must also equally reimagine configurations in a manner that is data-centered, smart and fast to ensure that productivity and innovation are not affected.

Read 571 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years experience delivering high value content to readers and publishers. 

Find his portfolio here and his personal bio here


Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline