What are Cloud Misconfigurations?
Use of the cloud is increasing: an estimated 60% of organizations use cloud managed services from an external service provider.[1] The National Security Agency (NSA) considers cloud misconfigurations to be a leading vulnerability in cloud environments.[2] Because cloud adoption is relatively easy, it is critical to recognize the more common misconfigurations before you begin your migration. Common misconfigurations include:
Disabled monitoring and logging. Many organizations fail to enable, configure, or review the logs and telemetry data that are offered within public clouds. It is not only important to enable these features; it is also necessary to identify a person or entity who will be responsible for reviewing this data and flagging security incidents.
Unrestricted ports. Any port open to the internet can introduce risk. Make sure that open inbound ports are known, restricted, or locked down, and that outbound access is limited according to the principle of least privilege.
ICMP. Internet Control Message Protocol (ICMP) reports network device errors, and it is a common target for cyberattacks. ICMP responses reveal that a server is online, and cyberattackers can use this information to target the server and launch an attack, such as a DDoS attack. To prevent this, ensure that the cloud is configured to block ICMP.
Credential management. Keeping an inventory of sensitive credentials in the cloud, such as passwords, API keys, encryption keys, and admin credentials, can be dangerous if its security is not regularly evaluated. Consider using credential management solutions and services to prevent data compromise.
Backups. Poorly configured backups can leave data vulnerable to threats, including insider threats. Ensure that backups are encrypted at rest and in transit, and restrict backup access.
Validation. Identify an individual or entity who is responsible for routinely auditing cloud configurations. Without routine and timely oversight, cyberattackers have opportunities to exploit security lapses.
Permissions. Admins inundated with access requests may find it easier to grant default access, but this practice creates unnecessary permissions that substantially increase risk. Secure Access Service Edge (SASE) architecture enables cloud security that includes solutions for managing user permissions in multi-cloud environments.
Non-HTTPS/HTTP ports. Improperly configured ports can allow internet traffic to reach database services that you never intended to expose to the internet. Configure the ports that face the web so that traffic is permitted only from specific addresses.
Subdomain hijacking. Cyberattackers can re-register unused subdomains and route traffic to malicious web pages. Avoid this by deleting the records (such as DNS entries) associated with a subdomain whenever that subdomain is deleted.
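The port, ICMP, and database-exposure checks above can be applied mechanically to a firewall or security-group rule set. The following is an added example, not code from the page's authors or from any cloud provider; the Rule format and the sample rule set are constructed simplifications, and the severities are assumed for illustration.

```python
# Added example (not from the page's authors): audit a list of cloud
# security-group rules for the misconfigurations discussed above.
# The Rule format is a constructed, provider-neutral simplification.
from dataclasses import dataclass

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
WEB_PORTS = {80, 443}  # public web listeners are expected to face the internet
DATABASE_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
                  6379: "Redis", 27017: "MongoDB"}

@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp", "udp", "icmp" or "all"
    port_from: int  # 0 for protocols without ports (icmp, all)
    port_to: int
    cidr: str       # remote address range the rule allows

def audit_rules(rules):
    """Return (severity, message) findings for rules open to the whole internet."""
    findings = []
    for r in rules:
        if r.cidr not in (ANY_IPV4, ANY_IPV6):
            continue  # remote side is restricted; not an internet-wide exposure
        lo, hi = (0, 65535) if r.protocol == "all" else (r.port_from, r.port_to)
        if r.direction == "outbound":
            if r.protocol == "all" or (lo, hi) == (0, 65535):
                findings.append(("medium", "unrestricted outbound access; limit egress to what is needed"))
            continue
        if r.protocol in ("icmp", "all"):
            findings.append(("high", "ICMP reachable from the internet; block ICMP"))
        if r.protocol not in ("tcp", "udp", "all"):
            continue  # nothing port-based left to check for this rule
        if hi - lo >= 1024:
            findings.append(("high", f"inbound port range {lo}-{hi} open to the internet"))
        exposed = [f"{name}/{port}" for port, name in DATABASE_PORTS.items() if lo <= port <= hi]
        if exposed:
            findings.append(("critical", "database service reachable from the internet: " + ", ".join(exposed)))
        elif not set(range(lo, hi + 1)) <= WEB_PORTS:
            findings.append(("medium", f"inbound non-web port(s) {lo}-{hi} open to the internet"))
    return findings

SAMPLE_RULES = [  # constructed sample; not taken from any real environment
    Rule("inbound", "tcp", 443, 443, ANY_IPV4),        # public HTTPS: expected, no finding
    Rule("inbound", "tcp", 22, 22, "203.0.113.0/24"),  # SSH from a known range: no finding
    Rule("inbound", "tcp", 3306, 3306, ANY_IPV4),      # MySQL exposed: critical
    Rule("inbound", "icmp", 0, 0, ANY_IPV4),           # ICMP from anywhere: high
    Rule("inbound", "tcp", 0, 65535, ANY_IPV6),        # every port open: high + critical
    Rule("outbound", "all", 0, 65535, ANY_IPV4),       # unrestricted egress: medium
]
```

Calling audit_rules(SAMPLE_RULES) returns five findings in rule order; a rule whose remote range is not the whole internet produces none, which keeps the output focused on the exposures the list above warns about.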
[1] Gartner, 2019, “Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17% in 2020”
[2] NSA, 2023, “Mitigating Cloud Vulnerabilities”