Have you ever asked yourself what the biggest threats are in the cloud? The answer may not be what you’d expect it to be. Rather than big named malware or cyber attacks, the biggest risk in the cloud happens due to service misconfigurations. Despite the cloud’s clear operating model, teams continue to make simple mistakes or overlook the simple task of properly configuring the services they use in the cloud.
Security in the Cloud is a shared responsibility as both customer and provider has their respective responsibility, these are usually based on the Shared Responsibility Model. The model defines which segments each are responsible for. At a glance, are you doing your part? Or did you assume it was handled by your provider?
One common misconfiguration misstep comes from pre-configured deployment services. Most misunderstandings arise from thinking that after being given the configurations that they too will handle update patching and even maintenance of said configuration. It falls on you the user to do these responsibilities and make sure that your system is safe!
Another common cause of misconfiguration is from human error. As per our nature, we are bound to make errors along the way when working even if we take as much precaution as we can. This is where automation can help make sure that these errors don’t occur. Let’s say the operating system your team uses for your systems has a new patch that needs to be deployed. Instead of someone patching each of the production virtual machines, that team member should patch the original template of the virtual machines and a build system should redeploy production.
For safety measures as well, it is always in best practice to verify that your providers are doing their part in keeping you secure. This is not to say that your provider is not doing their job, usually the 3 big cloud providers have an overwhelming amount audit evidence you can browse, its always just better to keep the habit of counter checking when security is involved.
Interested in learning more about our Cloud Security Solutions? Contact us at 8893-9515 and we would be happy to answer your inquiries!