Why you can’t ignore the security risks of cloud misconfiguration

Migrating workloads and data to the cloud is vital for accelerating your digital transformation. However, it can also introduce unique security risk. Here’s how to secure your cloud infrastructure to thwart data breaches.

ARTICLE | 4m read
October 5, 2021

IT modernization is a popular business initiative for all kinds of organizations, and the path to modernization nearly always runs through the cloud. Deloitte reports than 68 percent of CIOs said “migrating to the public cloud and/or expanding private cloud” was their top IT spending driver. And for good reason: Migrating more workloads to the cloud enables even more rapid digital transformation and improves business resilience. Done right, moving to the cloud can accelerate your IT by decoupling it from the data center without compromising security.

However, too many organizations are doing cloud migration wrong—moving so quickly to the cloud that they are degrading cloud security. The truth is that misconfigured cloud environments are like leaving the front door of your enterprise open to data breaches. If you want to get all the advantages of cloud without increasing your attack surface, it’s vital to understand cloud security risks including cloud misconfiguration. In this article, we will examine what cloud misconfiguration is and leading practices to protect your enterprise and employees from cloud-enabled data breaches.

What is cloud misconfiguration?

Cloud misconfiguration refers to haphazardly putting sensitive data and other information resources into cloud environments without protecting their confidentiality, integrity, availability, or safety. This is quickly becoming the top cloud security risk, as Gartner predicts 99 percent of cloud breaches will be caused by customer misconfiguration or mistake. Common examples of these mistakes include poor access security like bad passwords, a lack of strong encryption, or failing to manage usage privileges across cloud apps.

CLOUD MISCONFIGURATION IS A DATA GOVERNANCE PROBLEM, WHICH FEEDS INTO A TRUST PROBLEM—LIKE EVERYTHING IN SECURITY ULTIMATELY DOES.

Kurt Roemer
Chief Security Strategist
Citrix 

In short, cloud misconfiguration is a data governance problem. Moreover, cloud misconfiguration becomes more severe if you allow your infrastructure of cloud services to sprawl. The more cloud services you use, the more your sensitive data is spread around and vulnerable to bad actors or data loss. This is not a warning to avoid adopting the right cloud services for the right job, but rather to have a specific policy for how you use these cloud resources—including who gets access and how.

4 ways to protect your data from cloud misconfiguration

Cloud misconfiguration is a real threat, but there are proven ways to mitigate it by organizing and securing cloud resources. Here are four leading practices to protect your data from cloud misconfiguration:

  1. Classify your data—and who gets access—appropriately.
    Start by determining which data require which layers of cloud security. Some data may be useful to everyone in your organization and thus require widespread access; other sensitive data should only be available on a need-to-know basis. While this might seem like an obvious point, a common mistake is not having clear and consistent data lifecycle policies for all cloud workloads. Once IT has these lifecycle policies in place, it’s much easier to manage who can access and modify cloud infrastructure to keep data safe.
  2. Understand your cloud app and API defaults to find security gaps.
    Make sure your IT team knows the default configurations for any cloud services or apps you adopt, as each cloud vendor has their own settings and SLAs. This makes it easier for you to identify potential security gaps in your cloud infrastructure and adopt policies or technology to address these misconfigurations. By establishing end-to-end visibility across your cloud security, you can also design the right audit provisions and reporting processes to quickly find anomalies before they turn into a data breach.
  3. Develop a clear DevSecOps workflow.
    The foundation of a clear DevSecOps workflow is making sure your developers are continuously trained on cloud security. Even when writing test code or prototyping, developers must realize everything they do has security implications. User data gets de-anonymized all the time, so it’s vital you consider your security use cases up front so everyone knows how your system can be used and abused.
  4. Minimize cloud complexity wherever possible.
    System complexity and compliance failures are top factors in amplifying the cost of a data breach. As you look for ways to minimize cloud complexity, work with IT to securely automate the process of deploying and delivering cloud workloads, as this enables you to define secure lifecycle policies and follow them by default. It’s also helpful to work with a set of established vendors that value interoperability and security instead of piecing together a complicated solution from multiple vendors. This unified approach will simplify your cloud workflows and help ensure cloud resources are provisioned and accessed securely.

Protect remote and hybrid workers from cloud misconfiguration

In this hybrid work era, more and more of your distributed workforce is going to rely on cloud technology. This makes it especially crucial for you to take cloud security and cloud misconfiguration seriously during your IT modernization, as the pace of change is only going to accelerate. By adopting data governance policies designed for the cloud, you can empower your remote workers to be productive anywhere—while ensuring your data will be safe everywhere.

BOLETÍN

Fieldwork de Citrix ofrece la información, investigaciones e historias más recientes.