Manoharan Mudaliar

Cyber Security Consultant

Cloud Security in 2020: Understanding Misconfiguration Risk

Cloud Security in 2020: Understanding Misconfiguration Risk

The COVID-19 pandemic has led to a seismic shift in how we work, forcing many organizations across the globe to adopt a work-from-home model.

However, the transition to remote work has left a majority of IT professionals concerned about security breaches. According to a recent report by Fugue, 96% of cloud engineering and IT teams are working from home, and 84% are concerned about the security vulnerabilities that come with managing cloud infrastructures remotely.

One of the major findings of the report is that cloud misconfigurations are a leading cause of data breaches in the cloud. Between 2018 and 2019, cloud misconfigurations cost companies an estimated $5 trillion.

In this piece, we’ll discuss cloud misconfiguration risks in detail.

What is a Cloud Misconfiguration?

Cloud Misconfigurations

As the name suggests, a cloud misconfiguration is the result of configuring a cloud-based system, tool, or asset improperly.

A poor cloud set-up may weaken the security of your organization’s cloud-based data, depending on the tool, system, or asset that is affected.

Examples of Cloud Misconfigurations

Here is a list of common cloud misconfigurations:

  • EBS data encryption not being applied.
  • Outbound access being unrestricted.
  • IAM roles not being leveraged to provide access to resources.
  • Misconfigured EC2 security group port.
  • Misconfigured EC2 security group inbound access.
  • Cloud resources being publicly exposed.
  • Unused security groups being discovered.
  • Unencrypted AMI being discovered.
  • Disabled VPC Flow logs.

What Causes Cloud Misconfigurations?

According to Fugue’s report, misconfiguration issues are quite frequent. 73% of cloud teams reported experiencing ten incidents a day, 36% reported experiencing over a hundred incidents a day, and 10% reported experiencing over 500 a day.

The leading causes of misconfiguration risk in the cloud include the following:

  • Low Awareness of Cloud Policies and Security Measures (52%)
  • Oversight and Lack of Proper Controls (49%)
  • High Number of Cloud Interfaces and APIs (43%)
  • Insider Negligence (32%)

Handling Cloud Misconfigurations: Important Considerations

Here’s what most IT professionals and cloud engineering teams do to handle cloud misconfiguration risks:

  • A large majority (73%) utilize manual techniques for remediation, once tools discover and identify issues.
  • However, manually addressing cloud misconfigurations poses the risk of human error during categorization (46%) and remediation (45%).
  • Nearly half (49%) of teams devote over 50 hours every week handling cloud misconfigurations. 20% put in over 100 hours trying to manage them.

Addressing cloud misconfiguration risks internally may not be the best security strategy for your business. You should consider consulting a certified information security manager to help you develop effective security tools for your cloud-based system

As a premium cybersecurity consultant with an ISACA certification, I will help your organization secure its cloud system, assets, and tools with robust and innovative solutions.

Get in touch with me for more information on my services.

Posted in

Manoharan Mudaliar
Consultant and Blogger

Leave a Comment