Estimated reading time: 3 minutes, 0 seconds

Proper Configuration Can Help Prevent Cloud Breaches   Featured

Proper Configuration Can Help Prevent Cloud Breaches    "Trusty old tool photographed on the garage floor. \r\n\r\nInteresting how you sometimes never notice what is right there before you everyday. The background has an effect like a filter was applied\u2026actually, the garage floor just turns out to be rather interesting when examined up close."

Adopting the cloud for hosting various business data and applications offer various advantages that could not be attained when using the traditional methods. The benefits include easy management, access and scalability. It can also reduce the cost of operations in the long term while enhancing efficiency. With the cloud, companies have managed to embrace digital transformation easily, which was evident during the global pandemic that forced people to work remotely. The cloud’s dependability and flexibility enabled organizations to quickly and easily migrate to remote work at a reasonable cost. However, the cloud also presents certain risks. The risks have traditionally led to the denial of service, data loss, and malware.

Despite the advantages of flexibility, a swift shift to the adoption of the cloud can result in mistakes, commonly referred to as misconfigurations. These are caused by errors or poor cloud service configuration choices. While some people might see the small misconfiguration as a non-issue, simple mistakes can lead to unintended exposure of information and challenges in service delivery.

While they may appear small and avoidable, misconfigurations present significant risks to the cloud environment. It is alleged that 65 to 70% of all security issues experienced in the cloud environment are caused by misconfigurations. These include settings, policies, assets and interconnected services and resources. This is especially challenging considering organizations have been migrating quickly to the cloud as remote work became a new norm. Unfortunately, when organizations start rushing to adopt new technology without understanding the potential problems and configuration best practices, it can lead to unprecedented issues in the end.

As one of the attack vectors, misconfigurations have been identified as the reason behind losses of almost US$5 trillion in 2018 and 2019. In 2020, for example, Estee Lauder records, including user email addresses, audits, production logs and other crucial pieces of information, were exposed. On the other hand, CAM4, an adult website, leaked 10.88 billion records, including users’ personally identifiable information (PII), passwords, and payment logs.

A data breach can be an attack where sensitive or confidential information is lost, viewed or stolen by unauthorized people. Data breaches can lead to various business impacts like damaging the company’s reputation and leading to mistrust, loss of intellectual property to competing companies, regulatory implications, legal and contractual issues and financial expenses.

Inadequate control of change and misconfiguration

Misconfiguration is said to have occurred if computing assets are incorrectly set up, leaving these assets vulnerable to breaches and other malicious activities. Some key examples of misconfiguration include unsecured data storage elements, excessive permissions, inadequate security controls, controls being left disabled, lack of logging or monitoring, unrestricted port access and unpatched systems.

Recommendations for keeping off misconfiguration issues

  1. Grant the least-privilege access

Users need to be given only the necessary access or permission they require to operate. Admin privileges should be given only to those who require them.

  1. Adhere to the shared responsibility model

When users understand their tasks and responsibilities, misconfigurations reduce the risk of breach. A shared responsibility model will help users understand what they are responsible for and enable the organization to monitor and patch configurations.

  1. Educate and train staff

Team members need to learn the importance of proper configurations ad their responsibilities. They should identify insecure practices so that they can promptly report issues. This can only be achieved through education on the threats and misconfigurations they need to watch.  

  1. Create and implement security procedures, policies and standards,

Effective and detailed rules, policies, procedures and standards must be identified, defined and implemented to reduce the risk of misconfigurations. These are policies associated with creating and using passwords, encryption, remote access, and database management.

Read 178 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years experience delivering high value content to readers and publishers. 

Find his portfolio here and his personal bio here

scottkoegler.me/

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.