Cyber Security: Not for Cloud Misconfigurations
September 25, 2019
DarkCyber has been discussing the apparent ineffectiveness of the cyber defense technology offered by dozens of vendors. Despite the escalation in marketing hype, security issues are like exhaust fumes — everywhere. “99 Percent of All Misconfigurations in the Public Cloud Go Unreported” flashes credibility lights with its “99 percent” and “all” headline.
The write up asserts:
The surge in adoption of cloud-based technologies and Infrastructure-as-a-Service (IaaS) has added a new facet to cyber threats — the loss of information caused by misconfigurations and weak credentials in the public cloud space.
That statement sounds plausible.
The write up adds:
The report says that the top ten most commonly-misconfigured settings in AWS, the most popular IaaS provider for enterprise firms alongside Microsoft Azure, are as below:
- EBS Data Encryption
- Unrestricted Outbound Access
- EC2 Security Group Port Config
- Provisioning Access to Resources using IAM Roles
- Unrestricted Access to Non-Http/Https ports
- Unrestricted Inbound Access on Uncommon Ports
- Unused Security Groups
- Unrestricted ICMP Access
- EC2 Security Group Inbound Access Configuration
- EC2 Instance Belongs to a VPC
If the data are accurate, Amazon is a security “challenge.”
Has Amazon done enough to make certain that its customers are not creating risks for others? If Amazon is a security problem, are the vendors of pricey cyber security systems providing tools and solutions that shore up known weak spots?
Two questions. Answers?
Stephen E Arnold, September 25, 2019