Let’s say you are building your own house with a concrete slab for the foundation. You pour the concrete, but the ingredients are mixed wrong – too much sand, too much water, etc. It dries, you build your new home on top of it, and the slab begins to crack and buckle. Your house can be on its way to being ‘red tagged’ as uninhabitable.

The same applies when you move all or part of your network operations to the cloud. Correct configuration of cloud solutions is often overlooked when companies plan Cybersecurity strategies. The misconception is that little needs to be done about security because the cloud is already secure. Not so.

This assumption is incorrect because cloud security is a shared model. The cloud provider only handles securing the backend infrastructure. The user is responsible for properly configuring security settings in their account.

The problems that ensue from misconfiguration are extremely serious, as it is the #1 cause of cloud data breaches. If cloud security was a baseball game, this would be an unforced error – 100% preventable. Misconfiguration means that a company or their IT services team has made a mistake by not adequately securing its cloud application.

There can be a number of reasons for this failure: Perhaps they gave too many employees administrative privileges or maybe they neglected to turn on key security functions. If that function prevented the downloading of cloud files by an unauthorized user, they have created a dangerous problem.

Misconfiguration encompasses a wide range of negligent behavior, most of which have to do with cloud security settings and practices, with a much smaller number impacting day to day office procedures and communications. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.

Some of the main causes of misconfiguration are:

Lack of adequate oversight and controls

A team lacking security awareness

Too many cloud APIs to manage

No adequate cloud environment monitoring

Negligent insider behavior

Not enough expertise in cloud security

Use the tips below to reduce your risk of a cloud data breach and improve cloud security.

Shadow IT vs Cloud Infrastructure Visibility

When an employee uses a cloud app without authorization, it’s considered ‘Shadow IT.’ This is because the app is in the shadows so to speak, outside the purview of the company’s IT services team.

Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud app use.

How can you protect something you don’t even know is there? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.

You need to improve visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.

Restrict Privileged Accounts

The more privileged accounts (those with admin access) you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally cause a vulnerability, such as removing a cloud storage sharing restriction for some convenience in a task – without being aware of the ramifications. It could leave your entire environment a sitting duck for hackers.

Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.

Automate Security Policies

Automation mitigates much of the possibility of human error. Automating as many security policies as possible helps prevent cloud security breaches.

One example: If you use a feature like sensitivity labels in Microsoft 365, you can set a ‘do not copy’ policy that will follow the file through each supported cloud application. Users need do nothing to enable it once you put the policy in place.

Use a Cloud Security Audit Tool (Like Microsoft Secure Score)

How secure is your cloud environment? How many misconfigurations could there be right now? You cannot correct issues to reduce risk if you do not know this information.

Use an auditing tool that can scan your cloud environment and let you know where problems exist - like Microsoft Secure Score. It should also be able to provide recommended remediation steps.

Set Up Alerts for When Configurations Change

Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:

An employee with elevated permissions accidentally changes them

A change caused by an integrated 3rd party plug-in

Software updates

A hacker that has compromised a privileged user credential

Setting up alerts is the right proactive move. You should have an alert for any significant change in your cloud environment. For example, when the setting to require multi-factor authentication gets turned off.

When alerts go off, your team will know right away when a change occurs to an important security setting and take immediate steps to research and rectify the situation.

Have a Cloud Specialist Check Your Cloud Settings

Business owners, executives, and office managers are not typically Cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.

It’s best to have a cloud security specialist from a trusted Managed IT Services company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team.

Frequently Asked Questions

Q: What are the privileged accounts?

A: Privileged accounts are login credentials to a server, firewall or any administrative account and are often referred to as admin accounts. Only a select and necessary few people in a company should have these accounts.

Q: Is shadow IT a threat?

A: Shadow IT is potentially one of the biggest cybersecurity risks to your cloud environment and business-critical data - and any regulatory compliances in place for your industry. If the company has no knowledge of, or control over, apps and software placed on their system, they cannot ensure that proper protections have been initiated. They become a major liability.

Q: Who provides cloud hosting?

A: There many cloud services providers, but the most recognizable are:

Microsoft Azure
Amazon Web Services (AWS)
IBM Cloud
The Google Cloud Platform

Q: Are cloud services 100% secure?

A: Nothing is 100% secure. Anything can be hacked. While cloud security is typically very strong, it is not infallible. The cloud provider is responsible for the security OF the cloud, the customer is responsible for the security of what they do IN the cloud.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

Improve Cloud Security & Lower Your Chances for a Data Breach

Most work is now done in the cloud, and companies store data in these online environments.  Don’t leave your company at risk by neglecting misconfiguration. Give us a call today to set up a cloud security assessment.

IT Support LA an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT Support in Los Angeles 2021 by Channel Futures
o  Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the   ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner for 2021 by UpCity
o  Winner of Local Excellence Award for 2021 by UpCity
o  Named Best of Cloud Consulting winner for 2021 by UpCity
o  Certified as Top MSP and Cybersecurity Pro for 2021 by UpCity
o  Named Best IT Support in Los Angeles for 2021 by Expertise.com.

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at: