If you pour the concrete for a slab foundation for a house but the ingredients are mixed wrong – too much sand, too much water, etc., you have created a construction land mine. Once the concrete dries, you continue to build the home on top of it, and the slab begins to crack and buckle. Your house can be on its way to being ‘red tagged’ as uninhabitable.

Now let’s say you are moving all or part of your network operations to the cloud. Misconfigure your cloud setup and you’ve created a foundation that will most likely fail eventually. Correct configuration is often overlooked when companies plan Cybersecurity strategies for the cloud. The misconception is that little needs to be done about security because the cloud is already secure. This is untrue.

That assumption is incorrect because cloud security is a shared model. The cloud provider only handles securing the backend infrastructure. The user is responsible for properly configuring Cybersecurity settings in their account. No cloud provider guarantees the security of your data.

Extremely serious problems can ensue from misconfiguration - it is the #1 cause of cloud data breaches. If cloud security were a baseball game, this would be an unforced error – 100% preventable. Misconfiguration means that a company or its IT services team has made a mistake by not adequately securing its cloud application.

This failure can be the result of a number of things, like giving too many employees administrative privileges or neglecting to turn on key security functions. If the neglected function would have prevented an unauthorized user from downloading cloud files, the company has created a dangerous problem.

A wide range of negligent behavior can contribute to misconfiguration. Most of it has to do with cloud security settings and practices, with a much smaller share affecting day-to-day office procedures and communications. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.

A few of the main causes of misconfiguration are:

Lack of adequate oversight and controls

A team lacking security awareness

Too many cloud APIs to manage

No adequate cloud environment monitoring

Negligent insider behavior

Not enough expertise in cloud security

Use the tips below to reduce your risk of a cloud data breach and improve cloud security.

Shadow IT vs Cloud Infrastructure Visibility

‘Shadow IT’ is what you get when an employee uses a cloud app without authorization. The name comes from the app being in the shadows, so to speak, outside the purview of the company’s IT services team.

Are you aware of all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud app use.

How do you protect something when you don’t even know it’s there? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.

You need improved visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.

Restrict Privileged Accounts

You run a higher risk of misconfiguration when you have too many privileged accounts (those with admin access). There should only be a select few users who can change security configurations. Someone who doesn’t know any better can accidentally cause a vulnerability, such as removing a cloud storage sharing restriction for some convenience in a task – without being aware of the ramifications. It could leave your entire environment a sitting duck for hackers.

Perform an audit of privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to the minimum necessary to maintain operations.
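
One way to run the audit described above, as an added example that is not from the original article: it takes role exports from several cloud tools and lists the admin accounts to review. The tool names, accounts, approved list and thresholds are constructed assumptions, and the dormant-admin check goes slightly beyond what the text describes.

```python
# Added example: audit admin accounts across several cloud tools.
# Export rows, tool names and the approved list are constructed sample data.
from collections import defaultdict
from datetime import date

APPROVED_ADMINS = {"alice@example.com", "bob@example.com"}  # assumed policy
MAX_ADMINS_PER_TOOL = 2    # assumed policy limit
STALE_AFTER_DAYS = 90      # assumed dormancy threshold

# (tool, account, role, last_admin_login) as exported from each tool
ASSIGNMENTS = [
    ("email-suite", "alice@example.com", "admin", date(2024, 5, 28)),
    ("email-suite", "bob@example.com", "admin", date(2024, 5, 30)),
    ("email-suite", "carol@example.com", "admin", date(2024, 5, 29)),
    ("file-storage", "alice@example.com", "admin", date(2024, 1, 10)),
    ("file-storage", "dave@example.com", "user", date(2024, 5, 30)),
    ("crm", "erin@example.com", "admin", date(2023, 11, 2)),
]


def audit_admins(assignments, today):
    """Return findings: unapproved admins, dormant admins, over-limit tools."""
    findings = []
    admins_by_tool = defaultdict(list)
    for tool, account, role, last_login in assignments:
        if role != "admin":
            continue  # only privileged accounts are in scope
        admins_by_tool[tool].append(account)
        if account not in APPROVED_ADMINS:
            findings.append(("unapproved_admin", tool, account))
        if (today - last_login).days > STALE_AFTER_DAYS:
            findings.append(("dormant_admin", tool, account))
    for tool, accounts in admins_by_tool.items():
        if len(accounts) > MAX_ADMINS_PER_TOOL:
            findings.append(("too_many_admins", tool, len(accounts)))
    return findings


if __name__ == "__main__":
    for kind, tool, detail in audit_admins(ASSIGNMENTS, date(2024, 6, 1)):
        print(f"{kind:17} {tool:13} {detail}")
```

Each finding is a candidate for removing or downgrading an admin role; the approved list is what defines "the minimum necessary" for your operations.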

Automate Security Policies

Automation mitigates much of the possibility of human error. Automating as many security policies as possible helps prevent cloud security breaches.

For example: If you use a feature like sensitivity labels in Microsoft 365, you can set a ‘do not copy’ policy that will follow the file through each supported cloud application. Users need do nothing to enable it once you put the policy in place.

Use a Cloud Security Audit Tool (Like Microsoft Secure Score)

Do you know how secure your cloud environment is? How many misconfigurations could there be right now? You cannot correct issues to reduce risk if you do not know this information.

It’s wise to use an auditing tool that can scan your cloud environment and let you know where problems exist - like Microsoft Secure Score. It should also be able to provide recommended remediation steps.

When Configurations Change, an Alert Needs to be Triggered 

Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:

An employee with elevated permissions accidentally changes them

A change caused by an integrated 3rd party plug-in

Software updates

A hacker that has compromised a privileged user’s credentials

The right proactive move is to set up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to require multi-factor authentication gets turned off.

When an alert goes off, your team will know right away that an important security setting has changed and can take immediate steps to research and rectify the situation.
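
The alerting idea above, as an added example that is not from the original article: it compares the current security settings against an approved baseline and emits one alert per change, including the multi-factor authentication case mentioned in the text. The setting names, snapshot layout and critical watch list are constructed assumptions, not any provider's real schema.

```python
# Added example: detect drift between an approved baseline and the current
# security settings, and raise an alert for each change.
# Setting names and the snapshot layout are constructed for illustration.

BASELINE = {
    "identity": {"require_mfa": True, "legacy_auth_enabled": False},
    "storage": {"public_sharing": False, "block_unauthorized_download": True},
    "logging": {"audit_log_enabled": True, "retention_days": 90},
}

CURRENT = {
    "identity": {"require_mfa": False, "legacy_auth_enabled": False},
    "storage": {"public_sharing": True, "block_unauthorized_download": True},
    "logging": {"audit_log_enabled": True, "retention_days": 30},
}

# Settings whose change should reach someone immediately (assumed watch list).
CRITICAL = {"identity.require_mfa", "storage.public_sharing",
            "storage.block_unauthorized_download", "logging.audit_log_enabled"}


def flatten(settings, prefix=""):
    """Turn nested settings into {'section.key': value} for easy comparison."""
    flat = {}
    for key, value in settings.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def detect_drift(baseline, current):
    """Return one alert per setting that was changed, removed or added."""
    base, cur = flatten(baseline), flatten(current)
    alerts = []
    for path in sorted(base.keys() | cur.keys()):
        old, new = base.get(path, "<absent>"), cur.get(path, "<absent>")
        if old != new:
            severity = "critical" if path in CRITICAL else "warning"
            alerts.append({"setting": path, "expected": old,
                           "actual": new, "severity": severity})
    return alerts


if __name__ == "__main__":
    for a in detect_drift(BASELINE, CURRENT):
        print(f"[{a['severity'].upper()}] {a['setting']}: "
              f"expected {a['expected']!r}, found {a['actual']!r}")
```

Run on a schedule against a fresh settings export, this catches a change regardless of whether it came from an employee, a plug-in, an update or a compromised account.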

Bring in a Cloud Specialist to Check Your Cloud Settings

Business owners, executives, and office managers are not typically Cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.

It’s best to have a cloud security specialist from a trusted Managed IT Services company check your settings. At ITFIRM.COM, we can help ensure that they’re set up to keep your data protected without restricting your team.

Frequently Asked Questions

Who provides cloud hosting?

There are many cloud services providers, but the most recognizable are:

Microsoft Azure (Microsoft 365)
The Google Cloud Platform (Google Workspace)
Amazon Web Services (AWS)
IBM Cloud

Are cloud services 100% secure?

Nothing is ever 100% secure. Anything can be hacked. While cloud security is typically very strong, it is not infallible. The cloud provider is responsible for the security OF the cloud, but the customer is responsible for the security of what they do IN the cloud.

What are the privileged accounts?

Privileged accounts are login credentials to a server, firewall or any administrative account and are often referred to as admin accounts. Only a select and necessary few people in a company should have these accounts.

Is shadow IT a threat?

Shadow IT is a threat enabler. It is not the actual threat – it willfully weakens your network defenses, allowing threats to find success when they attack. It’s a risk - potentially one of the biggest security risks to your cloud environment and business-critical data - and to any regulatory compliances in place for your industry. If the company has no knowledge of, or control over, apps and software placed on their system, they cannot ensure that proper protections have been initiated. They become a major liability.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
