Data breaches are more common when cloud resources are misconfigured, as attackers can take advantage of the added insecurities.

Misconfiguration can result from blurred lines of responsibility between the end user and the cloud service provider. Most cloud service providers have recognized this issue and secured any unsecured defaults. But ultimately, customers are responsible for everything that cloud service providers have excluded from their built-in controls; for example, customers are responsible for securing and encrypting data, as well as defining their own access management policies.

Although a single account running a single workload is easy to secure, typical enterprise IT estates are much more complex, requiring collaboration between the cybersecurity and engineering teams within the customer’s organization that build and maintain the workloads.

Cloud service providers like AWS and Microsoft Azure have developed tools to spot misconfigurations, such as publicly-available S3 buckets or disabled multi-factor authentication. The problem with this approach is that these tools can produce overwhelming amounts of information. Organizations do not always have the skills in-house to interpret and prioritize the information provided.

Many organizations are turning to companies like WithSecure^TM for Cloud Security Posture Management (CSPM) to help them assess and address the impact of misconfigurations. In doing so, organizations help to deter cybercriminals and meet their assurance obligations to auditors and regulators.

WithSecure^TM Countercept CSPM offers specialized security assessments for cloud environments. This is shaped by our expertise protecting complex corporate environments and is continually updated as we discover new misconfigurations and threats.

We offer clients a full report on configuration issues, associated risks and remediation steps. Clients also have standing monthly discussions with our Security Engineering Team to drill into each issue and prioritize action.

It’s important that findings are understandable and executable, so we provide both the people and the knowledge to meet customers’ needs.

We discuss cloud security in depth in our latest report, The 7 Hidden Truths of Cloud Security, which uncovers misconceptions about cloud security in 2022 and identifies how organizations are re-writing the rules of cloud security to deliver advantageous business outcomes for their organization.