Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure deployments. All of this results in a complicated mix of hardening approaches for each system.
What is key, then, is to identify where hardening is required and then consider the methodology for each area. Even something as simple as data storage requires detailed planning to ensure that security controls provide robust protection not just on Day One but for all time regardless of where that data is.
Understanding the Cloud’s Security Risks
For starters, it’s important to consider that both private and public (cloud-hosted) networks are susceptible to the risks associated with these compliance objectives. For data stored in the cloud, we continue to see inappropriate access controls applied to online storage, resulting in leaked data as well as organisations storing credentials in insecure ways.etc.