Page 66 - Cyber Defense eMagazine August 2023
The term “shared” is somewhat misleading. It’s more like “divided.” The cloud provider’s responsibility
ends with their infrastructure. Everything you bring into their environment is your responsibility. This
means that upwards of 90% of the cloud security burden rests with the users. And that’s likely why
Gartner concluded that 99% of cloud security failures are the customer’s fault.
Solution:
Knowledge is power. Understand the extent of protection your cloud provider offers, and make sure you
have the in-house or outsourced skillset to make up the difference.
Amendable Human Error #2 - Misconfigurations
The good news is that security professionals know that a properly configured cloud environment is
actually rarely breached. The bad news is that the vast majority of cloud environments are not properly
configured, to say the least.
A great example of this is a recently exposed breach at automaker Toyota. Resulting from a cloud
misconfiguration, this breach went on for over a decade and affected over two million customers.
Why does this happen? Under the shared security responsibility model, your IT teams need to do a lot of
manual security configuring. But IT teams are not always cloud security experts (or even cloud experts,
for that matter). Frequently, these teams rely on default provider settings – settings which threat actors
love, of course. These settings leave, for example, 55% of companies with one or more databases that
are publicly exposed to the internet due to misconfigured routes or authentication requirements. What’s
worse, the sheer scalability of cloud deployments magnifies the ramifications of even a single
misconfigured setting.
The under-skilled cloud admins deploying your sensitive data and proprietary applications to the cloud
may not be aware of the intricacies of integration, prioritization, segmentation and permissions. It’s
possible they don’t know they should conform with industry best practices and maintain separate cloud
accounts for CI/CD, production, development, customer service, and more. They may not know how to
handle the flood of cloud security issues raised by Cloud Security Posture Management (CSPM) systems.
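As an added illustration (not part of the original article), the sketch below shows the kind of check a posture tool runs for the publicly exposed databases described above, combining route, ingress rule and authentication settings and ordering the findings so the flood of issues can be triaged. The inventory, its field names and the severity labels are constructed assumptions, not any provider's schema.

```python
import ipaddress

# Constructed sample inventory; field names are hypothetical, not a provider schema.
INVENTORY = [
    {"name": "orders-db", "port": 5432, "public_ip": True, "internet_route": True,
     "auth_required": True, "ingress": [("0.0.0.0/0", 5432, 5432)]},
    {"name": "session-cache", "port": 6379, "public_ip": True, "internet_route": True,
     "auth_required": False, "ingress": [("::/0", 0, 65535)]},
    {"name": "hr-db", "port": 3306, "public_ip": False, "internet_route": False,
     "auth_required": True, "ingress": [("10.0.0.0/16", 3306, 3306)]},
    {"name": "dev-db", "port": 27017, "public_ip": True, "internet_route": True,
     "auth_required": False, "ingress": [("203.0.113.0/24", 27017, 27017)]},
    {"name": "legacy-db", "port": 1433, "public_ip": False, "internet_route": True,
     "auth_required": True, "ingress": [("0.0.0.0/0", 1433, 1433)]},
]

def world_open(db):
    """True if any ingress rule admits the database port from every address."""
    for cidr, lo, hi in db["ingress"]:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0 and lo <= db["port"] <= hi:
            return True
    return False

def assess(db):
    """Return (severity, reason), or None when no exposure condition holds."""
    reachable = db["public_ip"] and db["internet_route"] and world_open(db)
    if reachable and not db["auth_required"]:
        return ("critical", "reachable from the internet without authentication")
    if reachable:
        return ("high", "reachable from the internet; authentication is the only control")
    if world_open(db):
        return ("medium", "rule admits any address; one route or IP change exposes it")
    if not db["auth_required"]:
        return ("medium", "no authentication required on a restricted network path")
    return None

def audit(inventory):
    """Findings ordered most severe first, so triage starts with real exposure."""
    rank = {"critical": 0, "high": 1, "medium": 2}
    found = [(db["name"], *assess(db)) for db in inventory if assess(db)]
    return sorted(found, key=lambda f: (rank[f[1]], f[0]))

if __name__ == "__main__":
    for name, severity, reason in audit(INVENTORY):
        print(f"{severity:8} {name:14} {reason}")
```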
Solution:
Hire skilled resources. It’s true that skilled cybersecurity professionals are hard to come by. In fact, there
was an estimated cybersecurity workforce gap of over 3 million people in 2022 – and that number is still
growing. To mitigate this, many organizations are outsourcing cloud security to MSSPs or other security
solution providers.