Security News > 2020 > July > Bridgecrew: Our mission is to set cloud security free

It's no secret misconfiguration is now the cloud's biggest security worry, although tying IaC to specific cloud security incidents is much harder to assess - misconfiguration can happen via any interface and not only IaC. One way to grasp the scale of the issue is to infer the answer by looking at the IaC templates on public repositories such as GitHub - an approach used by Palo Alto's Unit 42 earlier this year when it uncovered 199,000 insecure templates, including many high and medium-level flaws that would lead to serious misconfigurations.

"Misconfigured cloud resources are likely the main root cause for unintended exposure of sensitive data for cloud native companies. Misconfigured public interfaces, exposed secrets, and encrypted databases are just a few very common examples where companies have made bad calls when configuring their cloud infrastructure."

"A DevOps team would usually get their misconfiguration alerts from their cloud provider, open source tools or cloud security platforms and route it to the right person on a specific development team."

Bridgecrew Cloud can also use existing APIs to check an organisation's cloud infrastructure against security and compliance policies and best practice.

The irony is that by turning cloud configuration into a coding job, IaC should make security and compliance an analytical job which benefits security.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/23/bridgecrew_cloud_security_mission/