According to Gartner’s forecast, by 2026, 75% of organizations will shift from traditional IT infrastructure to cloud computing to store, process data, and operate applications. While this transition unlocks immense potential, it also presents significant challenges for businesses in securing their cloud environments.

Top 3 cloud security mistakes

In a recent episode of “Into The Cyberverse” – a cybersecurity podcast, Mr. Troy Leach, Chief Strategy Officer at the Cloud Security Alliance, highlighted the three most common cloud security mistakes organizations need to address.

Misconfiguration

Cloud misconfiguration is one of the most prevalent issues businesses face. This typically occurs when cloud services or resources are improperly set up, inadvertently exposing vulnerabilities to attackers.

A notable example is the case of Toyota, where data from over 2 million customers was leaked and publicly accessible online for nearly 10 years. The breach was only discovered in May 2023. Toyota attributed the incident to cloud misconfiguration, which allowed unauthorized access to customer data.

Major cloud providers like AWS, Microsoft Azure, and Google Cloud offer tools and guidelines to ensure secure configurations. However, misconfigurations often stem from a lack of understanding or complacency. Many organizations mistakenly assume their cloud provider handles all security measures. As Mr. Leach emphasized, cloud security is not solely the provider’s responsibility – businesses must proactively configure settings and regularly audit their environments to maintain robust protection.

Misconfiguration is one of the most common problems in cloud security (Source: Getty Image)

Lack of a comprehensive strategy

The second common mistake is failing to develop a clear, overarching strategy for cloud security. While organizations often adopt cloud services to reduce costs and accelerate deployment, many neglect to establish a robust security plan.

Without a cohesive strategy, different departments within an organization may independently deploy cloud services without thorough security checks. This can create gaps in protection and lead to data breaches. Additionally, the absence of a unified security approach results in fragmented oversight and inconsistent protection of cloud assets.

Weak identity and access management (IAM)

Lastly, one critical yet often overlooked aspect is identity and access management (IAM). A minor mistake, such as granting excessive permissions to an account, can expose the entire cloud environment to cyber threats.

Many organizations still lack clear visibility into where their sensitive data resides and who has access to it. This contradicts the modern “Zero Trust” security model, which advocates for verifying every access request rather than defaulting to trust. As Mr. Leach explained, organizations must ensure that access to sensitive data is rigorously verified and granted only to authorized users or systems.
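One way to audit for the two issues described above, public exposure through misconfiguration and excessive permissions granted to an account, is to scan policy documents for wildcard principals, actions and resources before they are deployed. The following is an added example, not code from the article, the podcast or VinCSS; it assumes an AWS-style IAM policy JSON document, and the sample policy embedded in it is constructed for illustration.

```python
"""Flag over-permissive statements in an AWS-style IAM policy document.

Added example (not from the article or from VinCSS/CSA). The policy JSON
below is constructed; the checks mirror the two risks discussed above:
public exposure via misconfiguration and excessive account permissions.
"""
import json

# Constructed sample: one statement exposes data to anyone (misconfiguration),
# one grants admin-level rights (excessive permissions), one is properly scoped.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-data/*"},
        {"Sid": "AdminAll", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "ScopedRead", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::customer-data/reports/*"},
    ],
})


def _as_list(value) -> list:
    """IAM fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone, including anonymous callers."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def find_risky_statements(policy_json: str) -> list:
    """Return one finding per risk for each Allow statement that is public or overly broad."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only restrict access; not flagged here
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if _is_public(stmt.get("Principal")):
            findings.append({"sid": sid, "issue": "public principal"})
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append({"sid": sid, "issue": "wildcard action"})
        if "*" in resources:
            findings.append({"sid": sid, "issue": "wildcard resource"})
    return findings
```

Running `find_risky_statements(SAMPLE_POLICY)` reports the public principal on `PublicRead` and both wildcards on `AdminAll`, while the scoped statement passes; the same check can be run over every policy in a repository as part of a regular audit.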

Proactive steps businesses must take

In response to cloud security risks, businesses must prioritize employee education. However, traditional training programs are often dry, inaccessible, and lack relevance to employees’ roles. To address this, Mr. Leach suggested leveraging generative AI to create personalized and practical training materials. This approach helps foster a sustainable security culture, where every individual understands their role in safeguarding the organization.

Mr. Troy Leach, Chief Strategy Officer of the Cloud Security Alliance, shared insights on the podcast “Into The Cyberverse” (Source: VinCSS)

Additionally, organizations should continually review their cloud services and run penetration tests. Mr. Leach recommended creating a Software Bill of Materials (SBOM)—a detailed inventory of cloud services and software in use. This prevents shadow access, where internal teams deploy unvetted services without undergoing proper security assessments.

VinCSS offers comprehensive cloud security strategy services, including consulting, implementation, personnel training, monitoring, auditing, and early warning. These services are designed to enhance your organization’s defenses, reduce vulnerabilities, and mitigate the risks associated with cloud security. Reach out to VinCSS today at https://vincss.net/contact/

Tune in to the full episode of Into The Cyberverse here to hear Mr. Troy Leach’s detailed insights on emerging cloud trends and actionable steps organizations can take to secure their cloud environments.
