Cloud Infrastructure Misconfiguration: What Every CISO Should Know, Part I

Cloud infrastructure misconfiguration is preventable, yet remains one of the most common security concerns for organizations moving to the cloud. A recent report from IBM X-Force revealed that there was a 424% increase in data breaches due to cloud misconfigurations that were caused by human error. Configuration drift that leads to misconfigurations can easily be exploited to gain unauthorized access to data, thus exposing organizations to unforeseen risks. Why has there been such a huge increase in misconfigurations and why are these breaches so damaging?
 

Misconfig Stats Image

 

Infrastructure misconfiguration has become increasingly likely as companies migrate more of their workloads to the cloud. Being on cloud means being dynamic and agile, and the security solutions used to protect data centers are not as effective in the cloud. Properly configuring a cloud resource requires new set of skills and an understanding of how to manage cloud resources. In addition, traditional security tools will not be as effective because they are focused at the operating system and application level. Another culprit will be the human error on the customer’s end. Gartner predicts that by 2020, 95% of all cloud security incidents will be the customer’s fault.

 

A cloud misconfiguration can occur anywhere in your infrastructure. Time delay is your worst enemy when it comes to misconfigurations. The longer it takes to find and fix misconfigurations means heightened security risks. If you are not examining your entire cloud infrastructure stack, including your network, storage, and numerous other cloud services for misconfigurations, you are leaving the security door wide open.

 

Download our data sheet on why CISOs should care about Mean Time to Remediation for cloud misconfigurations here.

 

Look for Part 2 of this post next week.

 

Categorized Under

Security & Compliance

Secure Your Cloud

Find security and compliance violations in your cloud infrastructure and ensure they never happen again.