The news is regularly filled with attacks on misconfigured cloud servers and the leaked data that criminals obtain from them. The errors happen because we are all human. We might set up a cloud server with loose (or no) credentials and forget to tighten them when the server is placed into production. Or we fail to keep software up to date when exploits are discovered, or fail to get IT involved to audit the finished production app to ensure that it is as secure as possible.
The situation is far too common. Studies by Accurics and Orca Security found a series of basic configuration errors in various cloud practices. As an example, the former study found that storage service misconfigurations exist among a stunning 93% of its respondents.
Here are ten of the most common mistakes:
1. Unsecured storage containers
In any given week, security researchers discover data caches on open cloud servers. These caches can contain all sorts of confidential information about customers. For example, both Avon and Ancestry.com had open containers discovered earlier this summer. Things have gotten so bad that even the security reseller SSL247 left its files on an open AWS S3 container.