The Lurking Dangers of Cloud Misconfiguration

Let’s say you are building your own house with a concrete slab for the foundation. You pour the concrete, but the ingredients are mixed wrong – too much sand, too much water, etc. It dries, you build your new home on top of it, and the slab begins to crack and buckle. Your house can be on its way to being ‘red tagged’ as uninhabitable.

The same applies when you move all or part of your network operations to the cloud. Correct configuration of cloud solutions is often overlooked when companies plan Cybersecurity strategies. The misconception is that little needs to be done about security because the cloud is already secure. Not so.

This assumption is incorrect because cloud security is a shared model. The cloud provider only handles securing the backend infrastructure. The user is responsible for properly configuring security settings in their account.

The problems that ensue from misconfiguration are extremely serious, as it is the #1 cause of cloud data breaches. If cloud security was a baseball game, this would be an unforced error – 100% preventable. Misconfiguration means that a company or their IT services team has made a mistake by not adequately securing its cloud application.

There can be a number of reasons for this failure: Perhaps they gave too many employees administrative privileges or maybe they neglected to turn on key security functions. If that function prevented the downloading of cloud files by an unauthorized user, they have created a dangerous problem.

Misconfiguration encompasses a wide range of negligent behavior, most of which have to do with cloud security settings and practices, with a much smaller number impacting day to day office procedures and communications. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.

Some of the main causes of misconfiguration are:

Lack of adequate oversight and controls

A team lacking security awareness

Too many cloud APIs to manage

No adequate cloud environment monitoring

Negligent insider behavior

Not enough expertise in cloud security

Use the tips below to reduce your risk of a cloud data breach and improve cloud security.

Shadow IT vs Cloud Infrastructure Visibility

When an employee uses a cloud app without authorization, it’s considered ‘Shadow IT.’ This is because the app is in the shadows so to speak, outside the purview of the company’s IT services team.

Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud app use.

How can you protect something you don’t even know is there? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.

You need to improve visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.

Restrict Privileged Accounts

The more privileged accounts (those with admin access) you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally cause a vulnerability, such as removing a cloud storage sharing restriction for some convenience in a task – without being aware of the ramifications. It could leave your entire environment a sitting duck for hackers.

Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.

Automate Security Policies

Automation mitigates much of the possibility of human error. Automating as many security policies as possible helps prevent cloud security breaches.

One example: If you use a feature like sensitivity labels in Microsoft 365, you can set a ‘do not copy’ policy that will follow the file through each supported cloud application. Users need do nothing to enable it once you put the policy in place.

Use a Cloud Security Audit Tool (Like Microsoft Secure Score)

How secure is your cloud environment? How many misconfigurations could there be right now? You cannot correct issues to reduce risk if you do not know this information.

Use an auditing tool that can scan your cloud environment and let you know where problems exist - like Microsoft Secure Score. It should also be able to provide recommended remediation steps.

Set Up Alerts for When Configurations Change

Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:

An employee with elevated permissions accidentally changes them

A change caused by an integrated 3^rd party plug-in

Software updates

A hacker that has compromised a privileged user credential

Setting up alerts is the right proactive move. You should have an alert for any significant change in your cloud environment. For example, when the setting to require multi-factor authentication gets turned off.

When alerts go off, your team will know right away when a change occurs to an important security setting and take immediate steps to research and rectify the situation.

Have a Cloud Specialist Check Your Cloud Settings

Business owners, executives, and office managers are not typically Cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.

It’s best to have a cloud security specialist from a trusted Managed IT Services company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team.