Despite massive investments in sophisticated cloud security tooling, the vast majority of severe cloud data breaches are caused by simple human error. The speed at which DevOps teams spin up infrastructure often outpaces security governance, leading to disastrous misconfigurations.
Our extensive analysis of incident response data throughout the past year indicates that improperly scoped IAM (Identity and Access Management) roles and publicly accessible object storage accounts are responsible for 78% of all unauthorized data exfiltration events in the cloud.
A particularly pervasive issue involves developers granting 'wildcard' permissions (e.g., `s3:*` or `ec2:*`) to service accounts simply to get applications working quickly, and then failing to restrict those permissions later. Threat actors leverage these over-privileged roles to move laterally across the cloud account and exfiltrate entire databases.
To mitigate this persistent threat, organizations must implement Infrastructure as Code (IaC) security scanning before deployment. Cloud Security Posture Management (CSPM) tools must be aggressively deployed to continuously audit production environments for drift from baseline least-privilege configurations.
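The pre-deployment check described above, as an added example that is not from the original report: a small linter that reads an IAM policy document and fails the pipeline when an `Allow` statement grants a wildcard action (`*` or `service:*`), a wildcard resource, or uses `NotAction`. The sample policy is constructed for illustration.

```python
import json

# Constructed sample IAM policy (not from the report): one over-broad statement,
# one properly scoped statement, and a Deny that should not be flagged.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:DescribeInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::app-assets/*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})

def _as_list(value):
    """IAM allows Action/Resource/NotAction to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_wildcard_grants(policy_json):
    """Return findings for Allow statements that grant wildcard actions or resources.

    Each finding is (statement_index, kind, value). Deny statements are skipped
    because a wildcard Deny narrows access rather than widening it.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            # "*" grants every API call; "svc:*" grants every API call of one service.
            if action == "*" or action.endswith(":*"):
                findings.append((idx, "wildcard_action", action))
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((idx, "not_action_allow", ",".join(_as_list(stmt["NotAction"]))))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "wildcard_resource", resource))
    return findings

def policy_passes_gate(policy_json):
    """Pre-deployment gate: the policy passes only when no wildcard grant is present."""
    return not find_wildcard_grants(policy_json)

if __name__ == "__main__":
    for idx, kind, value in find_wildcard_grants(SAMPLE_POLICY):
        print(f"statement[{idx}]: {kind}: {value}")
    print("gate:", "PASS" if policy_passes_gate(SAMPLE_POLICY) else "FAIL")
```

The same gate can run in CI over every policy a Terraform or CloudFormation template emits, so the over-broad grant is rejected before it reaches production.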
Cloud Incident Response
Research Lead