"Cloud Security Is Complex -- But Most Vulnerabilities Fall Into Three Key Categories"
With most businesses utilizing at least one type of cloud deployment today, the question of whether the cloud is more or less secure than on-premise solutions remains. In on-premises or private cloud environments, security is primarily based on a barrier defense. When organizations are breached within this barrier, it is open season for malicious actors, as observed in high-profile incidents like the Target data breach, the Home Depot hack in 2014, and the recent Uber breach, which exploited an unpatched security vulnerability. According to Kevin Davis, Global CTO of AWS at Cloudreach, cloud vulnerabilities fall into three main categories, which are cloud misconfigurations, application exploits, and security patch management. Cloud configurations that are not in accordance with security best practices often result in exploits, as demonstrated by the 2019 Capital One data breach. In this breach, the bad actor exploited an AWS misconfiguration to bypass authentication requirements and gain access to the network. Patch management is also subject to the shared responsibility model. We continue to see customers compromised by unpatched vulnerabilities, which are frequently caused by failing to apply patches quickly or at all. This article continues to discuss the three categories of cloud vulnerabilities.