Although some people might not have heard about them, security professionals understand that data breaches that have taken place in different companies. More than 62% of industry experts warn that cybersecurity breaches in the cloud originate from misconfiguration which they identify as the biggest danger to cloud storage and security of data. Ecuadorian data analytics company Novestat, for example, had data of more than 20 million people compromised due to failure to secure its Elasticsearch server. Another example of such exposure is the LionAir exposure which resulted from AWS S3 buckets that contained personally identifiable information (PII) that was left exposed. The information that was held there included passport numbers among others and such a mistake left it completely exposed.
At the top
Cloud Security Alliance Top Threats in their 2019 report lists infrastructure, data breaches, and misconfiguration as the leading three risks in cloud usage. This is because not every user of the cloud is an expert although most of those who have the responsibility to manage cloud on behalf of the consumers are professionals. Therefore, most organizations that use the cloud are yet to understand the threats that these issues present, and lack knowledge on the importance of the role of shared responsibility. With proper collaboration between cloud service providers and the user can deliver proper security. This collaboration makes a massive difference in cloud usage. According to Bergsma, insecure default configurations are the root cause of access control problems such as privileged access that can result in breaches and loss of data. Similarly, the lack of adequately defined parameters in networks leads to inadequate trust mechanisms and vetting of resources.
Many modern organizations ignore their duties regarding cloud data security. The latest research indicated that only 32% of organizations believed that it is their responsibility to protect data in the cloud. Most of them do not believe in shared responsibility which is further complicated by a confusing supply chain. The bad thing, however, is that many enterprises are now in the process of adopting cloud solutions. Nominet, in their recent survey noted that 88% of respondents agreed that they are currently in the process of adopting cloud solutions. Although it is the intention of most of these organizations to migrate to the cloud, security mindsets and their respective strategies are still on-premise. This mentality is what has caused organizations and individuals to continue ignoring configurations that could have otherwise helped protect data.
Although many cloud service providers do a decent job in advising their respective customers on the best practices for securing the cloud, most of them do not supply all the details regularly to support their customers. As the terrain continues becoming more complex, organizations must do what it takes to redefine the security of data in the cloud and enforce adequate security controls close enough to the data. They must also equally reimagine configurations in a manner that is data-centered, smart and fast to ensure that productivity and innovation are not affected.