Cloud developers still tripped up by misconfigurations, says vendor report
Cloud services offer several security advantages for organizations. Yet, despite years of warnings, cloud app developers are still making the same mistakes and opening organizations to serious risks, according to a vendor report.
The report, released Monday by Accurics*, says development teams are still tripping over well-known misconfigurations such as insecure storage buckets, hardcoded passwords and exposed networking. “There seems to be a lack of awareness around the impact of default configurations and security groups, increasing the chance of accidental leaks or exposures,” the report states.
Violations of security policies and configuration drift affecting core networking components like load balancers, gateways and routing take the longest to remediate when they should be fixed the fastest, it adds. Instead of fixing violations and drifts in pre-production environments, teams have to go after them in production systems.