Combating the Cyber Risks of Misconfigured Cloud Services

Cloud misconfigurations continue to be one of the biggest threats to cloud security, according to the National Security Agency (NSA). A 2022 IBM study found that cloud vulnerabilities have grown 28% since the previous year, with a 200% increase in cloud accounts offered on the dark web within the same timeframe.

With vulnerabilities rising, it is clear that the impact of cloud breaches makes proper cloud security more important than ever. This article will discuss what a cloud misconfiguration is, common cloud misconfiguration types, and how to minimize risks.

What Is The Risk of Cloud Misconfiguration?

A misconfiguration happens when the settings on a cloud-related system, asset or tool fall short of protecting your network and data. The problem is growing more complicated because many companies use more than one cloud service for email, data storage, collaboration, customer relationship management, and other functions. Common misconfigurations include internet-exposed storage, failure to set up or update security configurations on common cloud platforms such as Microsoft 365, and the mismanagement of access privileges for data, applications, systems, and services.

It is crucial that Microsoft 365 email security gaps are closed before cybercriminals exploit them and move across your business’s network from one cloud service to another, with the intention of stealing data or dropping ransomware. The majority of cloud security failures are caused by the customer’s failure, not the cloud provider’s, to manage the controls used to protect an organization’s data.

Experts say there is a correlation between how misconfigured you are and how susceptible you are to data exfiltration and other attacks. The result is massive data breaches, most of which over the past year resulted from a misconfiguration or a lack of security basics in a cloud environment. Multiple studies emphasize this problem, including:

  • Verizon’s authoritative Data Breach Investigations Report observed that the convergence between the human element and system misconfigurations remained just above the 5th percentile, yet it drove an estimated 13% of overall system breaches, with misconfigured cloud storage instances leading the trend.
  • By one industry estimate, 65% of publicly disclosed security incidents in the cloud were the result of customer misconfigurations.
  • Companies aren’t quite as hard on themselves in the CSA’s survey. Yet they still rank security misconfigurations neck and neck with “cloud provider issues” as the cause of security incidents. In some cases, breaches have led to disagreements between cloud service providers and their customers regarding who was to blame.
  • Misconfigurations cost companies nearly $3.18 trillion worldwide in 2019, based on the estimated cost of lost data.

Common Types of Misconfiguration

Overly Permissive Access

A cloud environment is considered to be overly permissive when too many cloud access permissions are enabled. This could include enabling legacy protocols on the cloud host, enabling communication modes between private and public resources, exposing external-facing ports, and exposing sensitive APIs without appropriate controls.

Storage Access Misconfigurations

Organizations often confuse “authenticated” users with “authorized” users, and end up granting access to every “authenticated” user. An example of this is allowing access to an S3 bucket for all AWS users rather than only the authorized users of the application. Access to storage buckets should be granted only within the organization. As a result of this misconfiguration, cybercriminals, who actively scan AWS S3 buckets and public GitHub repositories, may access the storage and find crucial information such as API keys, passwords, and other credentials.
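The “authenticated” versus “authorized” confusion above has a concrete form in S3: an ACL grant to the predefined AuthenticatedUsers group, or a bucket policy whose Principal is “*”. The following audit function is an added example, not code from the article; it checks ACL and policy documents in the shape boto3’s get_bucket_acl and get_bucket_policy return, and the bucket name, account ID and role name are constructed placeholders.

```python
import json

# Grantee URIs for the two predefined global groups in S3 ACLs. "AuthenticatedUsers"
# means any AWS account in the world, not just accounts in your organization.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
OPEN_GROUPS = {ALL_USERS: "the public", AUTHENTICATED_USERS: "any AWS account"}

def audit_acl(acl):
    """Flag ACL grants to the AllUsers or AuthenticatedUsers global groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in OPEN_GROUPS:
            findings.append(f"ACL grants {grant['Permission']} to {OPEN_GROUPS[grantee['URI']]}")
    return findings

def _is_wildcard_principal(principal):
    # Principal "*" or {"AWS": "*"} (possibly inside a list) means anyone
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit_policy(policy_json):
    """Flag Allow statements open to any principal with no Condition narrowing them."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        # Deny statements and conditioned grants are left for manual review
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if _is_wildcard_principal(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append(f"policy allows {', '.join(actions)} to any principal")
    return findings

# Constructed samples (boto3 get_bucket_acl / get_bucket_policy shape); names are placeholders
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
# Hardened form: the same read access, but only for a role in your own account.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/AppRole"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Running the audit over SAMPLE_ACL and SAMPLE_POLICY reports the AuthenticatedUsers grant and the wildcard principal, while HARDENED_POLICY produces no findings.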

Unrestricted Inbound and Outbound Ports

When migrating to multi-cloud infrastructure, security teams should know the full range of open ports and restrict them to essential systems, locking down those that are not strictly necessary. Inbound ports pose security concerns, but outbound ports also create vulnerabilities through data exfiltration, lateral movement, and internal network scans once a system is compromised. Granting access to a server from a public network, or even from a network outside your VPN, through services such as RDP or SSH is a common cloud misconfiguration that puts you at risk of a data breach.

Unlimited Access to Non-HTTP/HTTPS Ports

Open only the ports you absolutely need and block the rest from the internet. Leaving these ports poorly configured provides an easy access point for attackers to exploit or brute-force the authentication. If these ports must be open to the internet, make sure the communication is encrypted and the traffic is restricted to specific addresses only.
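The two sections above boil down to a rule that can be checked mechanically: only the web ports should face the internet, and outbound traffic should not be wide open. The following security group audit is an added example, not the article’s code; it works over rule data in the shape boto3’s describe_security_groups returns, and the group ID and rules are constructed.

```python
# Ports the article treats as the expected internet-facing web ports
WEB_PORTS = {80, 443}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def _world_open_cidrs(rule):
    """Return the IPv4/IPv6 ranges in a rule that mean 'the whole internet'."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANY_SOURCE]

def _describe_ports(rule):
    if rule.get("IpProtocol") == "-1":
        return "all protocols/ports"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    ports = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{rule['IpProtocol']}/{ports}"

def audit_security_group(sg):
    """Flag inbound non-web ports and unrestricted outbound traffic open to the internet."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        open_cidrs = _world_open_cidrs(rule)
        if not open_cidrs:
            continue  # source is a specific range, e.g. the corporate VPN
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        # A single web port open to the world is expected for a public web tier;
        # anything else (SSH, RDP, databases, whole port ranges) is flagged.
        if rule.get("IpProtocol") == "tcp" and lo == hi and lo in WEB_PORTS:
            continue
        findings.append(f"{sg['GroupId']}: inbound {_describe_ports(rule)} open to {', '.join(open_cidrs)}")
    for rule in sg.get("IpPermissionsEgress", []):
        if rule.get("IpProtocol") == "-1" and _world_open_cidrs(rule):
            findings.append(f"{sg['GroupId']}: outbound all traffic allowed to the internet")
    return findings

# Constructed sample in the shape boto3's describe_security_groups returns
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
```

On SAMPLE_SG the audit passes the HTTPS rule and the RDP rule scoped to an internal range, and flags SSH and the database port open to the world plus the unrestricted egress rule.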

Disabled or Under-Configured Monitoring and Logging

Logs are helpful only if they are continuously monitored so that appropriate action can be taken. Make sure that you have sufficient logs for every activity that could lead to a security breach. Implement automated and targeted alerts based on these logs so that suspicious activity can be identified and addressed before it results in a breach.

Default Credentials for Systems

Many development teams create default credentials to simplify authentication during the development process. These default credentials are frequently easy to guess or are common knowledge.

Development Settings in Production Environment

Another common misconfiguration is to use development settings in production environments. In most cases, the settings and configurations that were suitable for the development environment will not be appropriate for production environments, for a number of reasons.

Not Following “Safe” Configurations for Third-Party Components

Throughout the development process, various third-party libraries, components, and applications are used. Most software vendors will prescribe the best practices or recommended safe implementations that have undergone security testing on their end. Correctly implementing these best practices not only reduces the risk of a security breach but also increases the liability of these vendors in case a breach does in fact occur.

How Can I Minimize Potential Risks?

Configuration often falls into the hands of the organization and should not be taken lightly, nor should your business assume that storing data in the cloud alone guarantees safety. Adopting best practices can strengthen an organization’s cloud security and prevent its data from being publicly exposed.

The best way to do this is by implementing an intelligent, fully-supported email security solution that makes email safe for businesses by providing fully-managed, end-to-end control of an organization’s email infrastructure. This strategy should be reliable at detecting and quarantining malicious mail in real-time, ensuring that only safe, legitimate mail reaches the end user. Additionally, it should be seamlessly integrated with Microsoft 365 and Google Workspace to close critical security gaps by bolstering inadequate native email security defenses.

Effective email protection is contingent upon defense in depth. This requires that multiple layers of security work harmoniously to detect and block threats in real-time, building on each other to provide stronger, more resilient protection than any one of them would individually. When informed by global Threat Intelligence data gathered through Artificial Intelligence (AI), Open-Source Intelligence (OSINT) and Machine Learning (ML), security will constantly learn from and adapt to the threats that challenge it, updating its protection to remain ahead of emerging threats and safeguard against future attacks.

Innovative, multi-layered email protection should be accompanied by the expert ongoing monitoring, maintenance and support required to enhance IT security and prevent advanced and emerging attacks. Admins need complete visibility into the threats targeting their organization and the security of their email via an accessible administrative portal designed to provide the insights required to make informed cybersecurity business decisions and improve the enforcement of company security policies.

The Bottom Line

Research has found that the misconfiguration of cloud security is one of the leading causes of cyberattacks. Companies need to understand how they contribute to the risks, what the impacts are, and what solutions exist to keep their organization safe. Maximizing your cloud security requires solutions that can bolster the integrated security features offered by cloud service providers. The best email security solution should offer a complete package of features including threat detection, network intrusion prevention, and fully managed services.
