Security News > 2021 > May > Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing
Cloud Security Posture Management firm Aqua Security has analyzed the anonymized cloud configuration data of hundreds of its clients over a period of 12 months.
The intent was to discover the size of the cloud misconfiguration problem, and the response from industry to known issues.
The most publicly visible cloud misconfiguration issue occurs when a data owner leaves the data in storage that is open to the internet.
Encryption of data at rest is a service provided by the major CSPs. In AWS it must be enabled by the user, while Google Cloud Services and Azure provide it by default.
Misconfigured access control is one of the biggest problems in cloud usage, and one of the most difficult to prevent.
Of necessity, in the first access to a new cloud resource, the user is a superuser with maximum privileges.