Call Us: 866.PICK.ITS or Have Us Contact You:
The vast majority of security incidents involving cloud computing platforms happen as a result of improper configuration. Misconfigurations occur when computing assets are set up incorrectly, leaving them vulnerable to malicious activity.
Some examples of misconfiguration include: unsecured data storage elements or containers, excessive permissions, unchanged default credentials and configuration settings, standard security controls left disabled, unpatched systems, logging or monitoring left disabled, and unrestricted access to ports and services.
This isn't usually deliberate. While these platforms are designed to streamline many administrative duties, the platforms themselves are so complex, and change so frequently, it's often difficult to understand the ramifications or consequences of toggling a specific setting.
And because a single administrator can quickly propagate configuration changes to an organization's entire set of computing buckets, they can inadvertently expose sensitive data to the world. Breaches of this nature are becoming increasingly common. Such incidents have hit companies as diverse as Netflix, Ford, and TD Bank in the past year.
Another headline this past year was when a security researcher discovered several Amazon S3 buckets belonging to a backup provider. The buckets contained massive repositories of companies' email archives, and entire backups of employees' OneDrive storage accounts. The data, which was in storage since 2014, contained extremely sensitive business reports, administrator passwords, and HR documents about employees. If this data had been discovered by a cybercriminal, it would have had much more severe consequences.
Traditional control methods are not effective in the cloud. There is a whole set of new cloud and change management policies that must be implemented. Depending on the nature of the misconfiguration, and how quickly it is detected and resolved will determine the business impact.
That is why it is critical to partner with an experienced managed cloud service provider like IT Solutions. In addition to having proven cloud policies in place and the proper technology to continuously scan for misconfigured resources, we have a fully staffed proactive services team to remediate any problems in real time, ensuring best practices are implemented at all times.
Unsure if your cloud environment has been configured properly? Sign up for our Network & Security Assessment to find out!