Most Common Cloud Misconfigurations 2021 - Not What You Might Have Thought
ARGOS has deep insights into our customers' cloud environments across the three major public clouds providers. There are a handful of common recurring themes when it comes to cloud misconfigurations.
The traditional cloud security products commonly referred to as Cloud Security Posture Management (CSPM), will report the same issues that people have known about for a very long time and these are mostly well understood and usually under control. The value in reporting those misconfigurations as 'critical' is questionable.
Accessing / copying data over non-encrypted channels is definitely not recommended and a clear path to having data leaked into places it should not leak in to. This one is particularly surprising as Microsoft for example sets this property now by default. AWS does not enforce HTTPS by default and GCP does not allow insecure access to Cloud Storage.
We mentioned some of the ways this misconfiguration can happen here: https://www.argos-security.io/post/data-is-important-but-not-everything
