- In early 2020, the “Verizon Data Breach Investigations Report” noted that the second-most common cause of data breaches behind hacking was errors such as misconfigurations.
- Big breaches due to customer misconfiguration errors (like the CapitalOne breach in 2019) get plenty of attention in the press, keeping IT security executives up at night.
- Learning how to better secure cloud usage is a work in progress. Understanding in theory how the shared responsibility model works flies out the door in practice when a systems engineer or developer accidentally configures an AWS S3 bucket so that it is open to public access.
- IT security teams responsible for securing their organization’s cloud usage should also advocate for more and better training of those who will ultimately create those cloud workloads or accounts to ensure they understand how to avoid potentially costly misconfiguration mistakes.
– Paula Musich | March 22, 2021