Cloud Misconfiguration: What It Is and How to Prevent It

April 1, 2021

Cloud security threats take many forms, and they have risen alongside the increase in cloud adoption across the globe. In fact, according to this Security Boulevard article, cloud misconfiguration is the leading cause of data breaches in the cloud.

But securing a cloud environment requires a very different security strategy from securing a physical data center, because many traditional security solutions are irrelevant.

One of the most common challenges organizations face when it comes to cloud security is cloud misconfiguration. Let’s talk about what cloud misconfiguration is and how to prevent it.

What is Cloud Misconfiguration?

Cloud misconfiguration is when a company has not configured its cloud-based system correctly, leaving the door wide open for hackers. This major compliance risk can take many forms, including:

  • Unknowingly exposing unencrypted data to the public internet without any required authentication set up;
  • Granting public access to storage buckets;
  • Improper creation of network functionality;
  • Allowing all system users access to exposed cloud-stored data; and,
  • Storing encryption passwords and keys in open repositories.

Cloud misconfiguration, according to this Security Boulevard article, is most commonly caused by:

  • Lack of awareness of cloud security and policies;
  • Lack of adequate controls and oversight;
  • Too many cloud APIs and interfaces to adequately govern the system; and,
  • Negligent insider behavior.

What Can Happen When Cloud Misconfiguration Occurs

As more organizations store data in the cloud, cases of cloud misconfiguration errors have skyrocketed in recent years. According to this Business Insights article, cloud misconfiguration caused eight out of 10 data breaches from January 2019 to June 2020.

But what can happen when this occurs? Cloud misconfiguration creates an easy way for cybercriminals to access cloud-based data, steal it, ransom it, and sometimes even install digital skimming code. 

In a digital skimming attack, hackers place code into a website's scripts, and that code is loaded whenever a visitor opens the site in their browser. When the visitor enters sensitive information (e.g., credit card numbers, account numbers, or Social Security numbers), the skimmer code captures it and sends it to a hacker-controlled server. From there, the data is harvested and sold or used illegally.

There are countless examples of cloud misconfiguration-related data breaches, but one worth mentioning occurred in 2018 when FedEx unknowingly exposed thousands of scanned documents due to the company’s failure to secure an Amazon Web Services (AWS) cloud storage server. The breached documents included passports, drivers’ licenses, and applications for delivery of mail forms which contained customers’ names, home addresses, phone numbers, and zip codes.

How to Prevent Cloud Misconfiguration

The good news is there are a number of best practices your organization can implement in order to better secure its cloud-based assets and, therefore, prevent a cloud-misconfiguration breach.

  • Implement logging practices. Turn on logging to keep track of the users making changes within your cloud environment. By tracking changes, you can help identify the cause of any misconfiguration events.
  • Enable encryption. Enabling encryption protects data from unauthorized viewing. 
  • Check permissions. Limit permissions to only those individuals who need access in order to perform their job functions. Widespread access creates weak links in your overall security. 
  • Perform consistent misconfiguration audits. Ensure your cloud environment stays secure by implementing regular audits to look for signs of misconfiguration and other cloud-based threats.
  • Create, apply, and communicate strong security policies. Be sure you set and integrate strong security policies into all processes used to build or enhance cloud infrastructure. Don’t forget to communicate these policies to employees so they aren’t misconfiguring cloud settings without knowing it.
  • Implement an automated remediation solution to monitor and alert for misconfiguration issues. Examples of security tools that can do this for you include products from McAfee, Sophos, Kaspersky, Bitdefender, and more. These combine a number of security monitoring and alerting tools into one centrally managed solution.
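
As an added illustration (not from the original article or any product named above), the Python sketch below shows what an automated misconfiguration audit checks for the items in this list: public bucket access, missing encryption, and missing logging. The inventory record layout, bucket names, and account ID are constructed for the example; only the policy documents follow the AWS bucket policy JSON format.

```python
# Added example: offline audit over a constructed inventory (no cloud calls).
# Record layout (name/policy/encryption/logging) is an assumption of this sketch.

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_exposure(stmt):
    """Classify one policy statement: None, 'public-access' or 'public-conditional'."""
    if stmt.get("Effect") != "Allow":
        return None
    principal = stmt.get("Principal")
    everyone = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
    if not everyone:
        return None
    # A Condition may or may not narrow access, so flag it for human review.
    return "public-conditional" if stmt.get("Condition") else "public-access"

def audit_bucket(bucket):
    """Return the sorted, de-duplicated findings for one bucket record."""
    statements = _as_list((bucket.get("policy") or {}).get("Statement", []))
    findings = {f for f in map(public_exposure, statements) if f}
    if not bucket.get("encryption"):
        findings.add("no-encryption")
    if not bucket.get("logging"):
        findings.add("no-logging")
    return sorted(findings)

def audit(inventory):
    """Map bucket name -> findings, keeping only buckets that have findings."""
    report = {b["name"]: audit_bucket(b) for b in inventory}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory; names and account ID are placeholders.
SAMPLE_INVENTORY = [
    {"name": "scans-archive", "encryption": None, "logging": False,
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::scans-archive/*"}]}},
    {"name": "billing-exports", "encryption": "aws:kms", "logging": True,
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "s3:GetObject",
          "Principal": {"AWS": "arn:aws:iam::111122223333:role/etl"},
          "Resource": "arn:aws:s3:::billing-exports/*"}]}},
    {"name": "web-assets", "encryption": "AES256", "logging": True, "policy": None},
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(found)}")
```

Run on a schedule against an exported inventory, a check like this turns the audit bullet above into a repeatable report that a person then reviews.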

The more cloud security automation you can use, mixed with human-controlled methods, the better prepared your organization will be to reduce the risk of a cloud misconfiguration breach.
