Today, however, the cloud has become the default option for organizations to operate their businesses and create new products and services. As companies strive to outpace their rivals in terms of innovation, they are investing heavily in increasingly complex cloud technology solutions.
This complexity can make securing the cloud an increasingly complicated undertaking. The same organizations that build in the cloud frequently struggle to guarantee the security of their cloud systems, adhere to regulatory standards, and safeguard themselves and their customers against data breaches or outages. Despite these difficulties, the impetus to build or migrate to the cloud persists, especially given the cloud's role as a hub for innovation and growth during times of economic uncertainty.
Why misconfigurations in the cloud happen
The cloud is a highly dynamic and interconnected environment that constantly evolves. Customers demand highly customizable cloud services, and providers have heeded the call. This flexibility, however, creates a complex technology environment. As many organizations are beginning the development of their cloud environments, the variety of services available, as well as the adoption of services from multiple providers, can lead to unforeseen interactions and a challenging security landscape.
Misconfigurations often occur when teams adopt different cloud-native technologies in combination. Without proper visibility and careful scrutiny, it can be difficult to establish how these resources interact. An apparently insignificant change to one cloud resource can, without careful analysis of connected systems and services, result in the risk of exposing your data to the public internet.
The speed and ease with which cloud services can be deployed also creates difficulties in preventing misconfigurations. Image-driven technologies like containers, serverless, virtual machines and Infrastructure as code (IaC) are increasing in popularity thanks to their automation capabilities and consistency, but those same qualities can compound misconfiguration. A single slip in configuration or an exposed secret suddenly goes from a single instance to the foundation of a repeating pattern, multiplying across the cloud platform.
Why misconfigurations are critical
Preventable misconfigurations and end-user mistakes continue to be the primary cause of cloud breaches, and this trend is expected to continue. CSPM tools play a crucial role in continuously identifying and fixing misconfigurations throughout the cloud application lifecycle.
CSPM tools can help you detect potential misconfigurations that can put your cloud environments at risk. Common misconfigurations include unsecured data storage, excessive permissions, unchanged default credentials and configurations, disabled security controls, unrestricted access to ports and services, and unsecured secrets.
In 2021, a major breach occurred due to misconfigurations when a leading CSP misconfigured its own cloud storage buckets, exposing sensitive data belonging to third-party companies. The CSP moved quickly to resolve the issue, but malicious actors were able to exploit the misconfiguration and gain unauthorized access to confidential information.
To safeguard your data and protect the interests of key stakeholders, it is imperative to continually scan your cloud environments for misconfigurations. Utilizing CSPM tools can provide ongoing visibility and security against potential threats.
The most common misconfigurations
It is crucial to be aware of the common cloud configuration errors that could lead to security breaches. Here are some of the most significant issues and steps to avoid them:
Excessive permissions: Whether through configuration oversight or permission creep, excessive permissions on cloud resources result in excessive access. Combined with the reachability of an Internet-connected cloud environment, this is a recipe for disaster, and excessive permissions give a malicious actor opportunities for lateral movement.
External access to storage: It is common for mistakes to be made when granting access to cloud storage technologies. A common example is confusing authenticated users with authorized users: in AWS this can result in every AWS account holder having access to your S3 buckets, whether they are in your organization or not. Encrypt all data in cloud storage with strong encryption. Keep an eye on all public storage nodes and remove any unnecessary or inappropriate permissions or access.
Excessive open network ports: It is all too easy to create permissive network controls, particularly during build and test to enable easy access, then forget to lock them down afterwards. Limit access to network ports strictly as required, and follow the concept of least privilege. Outbound server traffic should be tightly controlled, since almost all communications to a server are initiated by the client, and protocols used for remote management such as SSH and RDP should be restricted to the maximum extent possible.
Absent logging and monitoring: It is essential to keep track of security events on your cloud services. Create automated and targeted monitoring and alerts so any breach or unusual pattern of activity can be identified and remediated before it causes a significant security event. Logging provides an audit trail, as well as contextual information that helps improve security posture. It is also important that logs and monitoring tools are analyzed to identify malicious activity.
Persisting default credentials: Whether a cloud workload, database, application, or service, it is common for cloud infrastructure services and software components to include a default password to get a deployment moving. Leaving that default in place gives easy access to bad actors, since those default credentials are well known. It is important to scan code within the software development lifecycle to ensure no exposed secrets persist.
Development configuration in production: It is common for security to be more relaxed in environments used by developers, facilitating agility and permitting frequent change as code iterates toward production. It is also all too common for some of the settings that make a developer's life easier to be promoted into production, which could result in compromise or data leakage. Review configuration settings carefully before deploying to the production environment to ensure no such settings are promoted along with the code.
Third-party software components: It is common for modern software development practices to include the re-use of existing components, including open-source software. Research third-party libraries' security vulnerabilities thoroughly before selecting them and follow the best practices recommended by component developers to maximize the security of your software products. And, of course, scan code in the pipeline to ensure no vulnerabilities persist.
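The following is an added example, not code from the page or from any CSPM product, showing how posture rules for three of the items above (external access to storage, absent logging, and excessive open ports) can be expressed over resource inventory records. The records are constructed inline and only mimic the shape of the AWS S3 GetBucketAcl and EC2 DescribeSecurityGroups responses; the bucket and group names are fictional.

```python
# Added example (not from the page or any product): posture rules for three of the
# misconfigurations above, run over constructed records; no cloud API is called.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_IPV4 = "0.0.0.0/0"

def check_bucket_acl(bucket):
    """External access: grants to the public or to *any* AWS account holder
    (the authenticated-vs-authorized trap: AuthenticatedUsers is not 'my users')."""
    findings = []
    for grant in bucket["Grants"]:
        uri = grant["Grantee"].get("URI")
        if uri == ALL_USERS:
            findings.append(f"{bucket['Name']}: {grant['Permission']} granted to the public")
        elif uri == AUTHENTICATED_USERS:
            findings.append(f"{bucket['Name']}: {grant['Permission']} granted to any AWS account")
    return findings

def check_bucket_logging(bucket):
    """Absent logging: without server access logs there is no audit trail."""
    return [] if bucket.get("LoggingEnabled") else [f"{bucket['Name']}: access logging disabled"]

def check_security_group(group):
    """Excessive open ports: SSH/RDP reachable from the entire IPv4 internet.
    A rule with IpProtocol '-1' (all traffic) carries no ports, so treat it as 0-65535."""
    findings = []
    for perm in group["IpPermissions"]:
        if not any(r["CidrIp"] == ANY_IPV4 for r in perm.get("IpRanges", [])):
            continue
        for port, name in MANAGEMENT_PORTS.items():
            if perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                findings.append(f"{group['GroupId']}: {name} ({port}) open to {ANY_IPV4}")
    return findings

def scan(buckets, groups):
    """Run every rule over an inventory; an empty list means a clean posture."""
    findings = []
    for b in buckets:
        findings += check_bucket_acl(b) + check_bucket_logging(b)
    for g in groups:
        findings += check_security_group(g)
    return findings

# Constructed sample inventory (fictional resources, not a real account).
SAMPLE_BUCKETS = [{"Name": "finance-exports", "LoggingEnabled": False, "Grants": [
    {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "READ"}]},
    {"Name": "internal-logs", "LoggingEnabled": True, "Grants": []}]
SAMPLE_GROUPS = [{"GroupId": "sg-dev-test", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANY_IPV4}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": ANY_IPV4}]}]}]
```

Running `scan(SAMPLE_BUCKETS, SAMPLE_GROUPS)` reports the AuthenticatedUsers grant, the missing bucket logging and the world-open SSH rule, while the owner-only bucket and the HTTPS rule pass.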
Why you need CSPM
The cloud has drastically altered how computing environments are constructed, configured, and managed. API calls have replaced physical boxes and wires. Critical resources and sensitive data that were once hidden deep in the infrastructure are now easily accessible from the internet. As a result, conventional systems that provide network visibility, security, and compliance are ineffective in the cloud.
Cloud security posture management, or CSPM, is a solution that enables companies to evaluate the security and compliance position of cloud-native applications. By continuously monitoring cloud environments, CSPM helps teams rapidly detect insecure configurations and violations of regulatory requirements. With CSPM, teams can pinpoint misconfigurations caused by drift or misuse that can be exploited and also prevent cyberattacks that target cloud infrastructure.
To find out more about how Wiz's CSPM solution can help you overcome the challenges of cloud misconfiguration, contact us for a demo.