How to avoid cyber threats from cloud security misconfigurations

Since last year there has N number of reports of user data being leaked from cloud platforms. For instance, in July last year, personal data of more than 198 million US voters was exposed all because of an S3 misconfiguration owned by data company Deep Root Analytics.

If we dig deep into the history, many such instances will come into light-giving us a hint that the problem is turning worse with the pass of the time.

And according to a survey report released by RedLock, over 53% of organizations that use cloud storage service like Amazon S3 have found their info exposed to the public at least once in the last three years. In addition to this, the report says that over 38 percent of organizations have administrative user accounts that have been compromised.

Thus, those using cloud services or intending to do in near future should first understand the security gaps exposed during cloud access to avoid serious embarrassments. This can be done by following the below steps-

Educating the employees is a must– All employees who are supposed to manage sensitive data should first adequately be trained and then handed over the credentials of their duty. This helps them not only understand the complex nature of the cloud but also helps them be prepared for any untoward incident occurring in the future.

Having a basic security vision- In addition to security training, companies should rely on Cloud Service Providers (CSP) which offer basic security features such as multi-factor authentication. This includes locking down root account credentials and running vulnerability and penetration tests on the cloud platform- which involves the permission of the cloud service provider. Furthermore, companies should also check for permissions of their publicly accessible S3 buckets in their AWS magazine consoles and confirm that they are not accessible to everyone. Also, CSPs offering security measures such as logging, network segmentation, and encryption should only be entertained.

The expectation from the vendors- Companies should be more careful while selecting cloud vendors. They must use the services of only those which allow their platforms to be integrated with on-premise security conveniences such as authentication, single sign-on, on-premise integration, security customizations for employees and customers and such. Moreover, the configuration should not be complex and should be able to serve every customer’s use case.

Agree with what is being said above.

You can share your views through the comments section below.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display