Steve Smith, senior site reliability engineer and AWS team lead at Claranet
“The cloud security challenges highlighted in this report have little to do with the platform itself, but everything to do with the people using it and, in our experience, people are the biggest weakness here. The major cloud providers like AWS set a lot of sensible defaults designed to support configuration – for example, S3 buckets are now private by default – but unfortunately, it’s straightforward to get things wrong if you don’t know how to use the platform,” he said.
Smith said that not only do some problems arise because of the activities of the in-house IT team at a customer there are also partners out there that do not have the right experience to deliver a secure platform.
Earlier this week McAfee published its Cloud Adoption and Risk Report which looked at the state of the landscape with the conclusion that customers were struggling to get a grip on things. The security outfit found that the number of files shared in the cloud with sensitive data has increased 53 per cent year-over-year and although most firms thought they used about 30 unique cloud services, the reality was it was closer to 2,000.
Smith said that some problems arise because of the activities of the in-house IT team at a customer there are also partners out there that do not have the right experience to deliver a secure platform.
“A click of a button or slight configuration change can have a major impact on your security posture, so it’s important to get a firm grip of the access controls and have safeguards in place to catch mistakes before they hit the production environment”, Smith said.