Humans are more of a problem for cloud security than we think. Here’s how to deal with the walking, talking risks to cloud data theft.

A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. This is an expensive problem with an average cost of half a million dollars per breach. This figure does not consider the potential PR nightmare that could take down the company.

Today the pandemic has us working at home, which makes us all more dependent on cloud computing. In addition to its other benefits, the cloud offers more modern security measures than on-premises platforms, so the Global 2000 made a quick push to public clouds. This rapid migration resulted in mistakes or oversights that have yet to be corrected, as conversion speed became more of a priority than caution. This is not a new or rare problem, pre- or postpandemic.

What’s the root cause of this “rush” problem? How can we reduce the number of misconfigurations? I wish I could blame this on some particular trait or identify a common mistake, but the reality is that humans are flawed and unpredictable in their flaws. Although we can reduce the number of mistakes or oversights that occur, they can never wholly be eliminated.

The notion of zero trust may hold the answer. The bottom line of zero trust is just that—don’t trust anything or anybody. Everyone and everything must be verified, including cloud services that are often misconfigured. Because everything is constantly being re-verified, the risk of a breach goes down as the security becomes more rigorous.

If we trust humans to configure cloud resources and services correctly, which removes as much risk as can be removed, about 20% of those security configurations will still be misconfigured. The notion of applying the concept of trust to deal with humans is to define humans as almost never trustworthy.

We’re at a point now where we can afford to automate all security.
This includes checking the configurations and frequently rechecking the configurations, as well as being proactive around the use of identities, encryption, key management, and multi-factor authentication.

Most people who manage security are a bit distrustful of this kind of rigor, perhaps because giving up control of cloud security to automation is scary. What’s scarier is the number of human-caused misconfigurations that will likely increase as our cloud deployments become more complex and heterogeneous. When compared to $500,000 per incident, the justification to spend the money on security rigor allows us to get off cheap.

The call to action? Remove humans from the security processes and automate as much as possible. At the very least, validate and verify all manual work and do so often. In the long run, moving from “trust but verify” to zero trust is better for people since everyone can keep their jobs.