Rawpixel - Fotolia
Human error to blame for many cloud security issues
Following on from research from McAfee indicating it is a fairly confusing picture out there Claranet has called on more focus on the human end of cloud security
Customers with the jitters about cloud security should look to themselves more than casting aspersions on the platform they choose to use.
The majority of vulnerabilities are the result of human error, rather than due to any problems with the cloud environment.
Earlier this week McAfee published its Cloud Adoption and Risk Report which looked at the state of the landscape with the conclusion that customers were struggling to get a grip on things.
The secureity player found that the number of files shared in the cloud with sensitive data has increased 53% year-over-year and although most firms thought they used about 30 unique cloud services, the reality was it was closer to 2,000.
“Operating in the cloud has become the new normal for organisations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud,” said Rajiv Gupta, senior vice president of the Cloud Security Business, McAfee. “Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing."
The idea that human error was partly to blame for security problems was spotted by others in the channel and Claranet was quick to sound the alarm over the issue.
“The cloud security challenges highlighted in this report have little to do with the platform itself, but everything to do with the people using it and, in our experience, people are the biggest weakness here. The major cloud providers like AWS set a lot of sensible defaults designed to support configuration – for example, S3 buckets are now private by default – but unfortunately, it’s very easy to get things wrong if you don’t know how to use the platform," said Steve Smith, senior site reliability engineer and AWS team lead at Claranet.
He said that not only do some problems arise because of the activities of the in-house IT team at a customer there are also partners out there thar do not have the right experience to deliver a secure platform.
“A click of a button or slight configuration change can have a major impact on your security posture, so it’s important to get a firm grip of the access controls and have safeguards in place to catch mistakes before they hit the production environment,” he added.