Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records, according to a report from Accurics, which predicted that cloud breaches are likely to increase in both velocity and scale.


“I do believe such events will become more and more prevalent as the adoption of public cloud continues with individuals and companies taking a short cut approach to meet time-to-market deadlines, without executing on the shared security model of the public cloud,” said Rajiv Kanaujia, vice president of operations at CloudCheckr.


Over time, IaaS vendors will make certain areas of security non-negotiable, hence restricting the success of the bad-actors, but a lack of awareness or funding to execute on the shared security model of the public cloud will continue to expose customers to such vulnerabilities, Kanaujia said.


“Now, the IaaS consumer (user of the cloud) has a big role to play in configuring and managing these layers,” he said, noting that application developers never had to deal with such responsibilities in the past.


Kanaujia agreed that a better approach is moving towards Infrastructure as Code (IAC), where such configuration changes become transparent to internal teams and go through a better change management process, including peer review. The industry will encourage concepts like encrypted data-bags that will slowly eliminate the need for having credentials in clear text anywhere in the system, he added.

Read the full article on SC Media.