IT security teams are well aware of the dangers of cloud misconfigurations. Poorly configured cloud infrastructure, applications, and storage have proved to be a major threat as attackers capitalize on an opportunity to sneak into enterprise environments and steal information or move laterally.
Misconfigurations have only grown more common amid the COVID-19 pandemic and a global rush to shift organizations into fully virtualized workforces. The accelerated jump to the cloud has led to careless mistakes and, consequently, opportunistic attacks to take advantage of them.
"You get this combination of cloud security issues that are primarily the users of the cloud – not the cloud providers themselves – misconfiguring, embedding credentials inappropriately, leaving passwords, not hardening their cloud because they're moving so quickly … that's led to several compromises," explains Jim Reavis, co-founder and CEO of the Cloud Security Alliance.
Organizations hastily moving to the cloud often lack a strategic view and fail to consider factors such as threats that could put them at risk and high-priority security functionalities, Reavis says. They forget to lock down storage buckets and databases, leave credentials viewable in Github, and fail to patch or maintain good security hygiene in virtual machines and containers, he adds.
"Out of this, you give the attackers an ability to really be able to do some pretty quick scanning of cloud environments, finding several things that are insecure, and then being able to go do a deeper dive hack," Reavis continues. Configuration management can help prevent these threats.
IT and security teams are discovering several unexpected gaps resulting from the rapid transition to cloud. Now they have to consider tactical solutions and a ..
Support the originator by clicking the read the rest link below.
