Accurics: Configuration errors are threat to cloud security
Poor configuration of cloud implementations poses a security threat, potentially leaving sensitive data exposed to public-facing servers.
That’s according to research from infrastructure-as-code provider Accurics, which scanned more than 1,800 security policies to come to its conclusion.
What are common cloud configuration errors?
The biggest problem, Accurics found, was default security settings. It’s vital to change these to prevent simple hacks, similar to hacking into someone’s router using the factory login details. Yet developers had either forgotten to override the default settings or made changes in the configuration that would leave the infrastructure vulnerable to attack.
What does the Accurics report recommend for cloud security?
The report recommends better training for developers in cloud infrastructure security, particularly where it is automated (via infrastructure as code, IaC). Automation is more efficient but does less to mitigate risk because the scripts cannot foresee every eventuality in every business.