Given the number of breaches and data exposures that stem from misconfigurations in the cloud, organizations need to take the same degree of ownership over security of those assets as they do assets maintained in their own data center, rather than letting cloud service providers do it for them.
“They need to have that same level of ownership,” said Joseph South, a senior cloud engineer with Grainger. “And when you have that same level of ownership, you know you're going to be more aware of what you actually have in the cloud, what the current security posture is of those assets, and you're going to be making the changes that you need to properly secure your environment.”
However, South told Senior Reporter Derek Johnson during an SC Media eSummit that cloud providers could adopt more secure methods by default if there was a concerted effort from the industry.
“I think that there should be some sort of warning system within these cloud platforms that say, ‘Hey, this S3 bucket is public; if you want to continue, sure, go ahead.’ And then you have to confirm it, you know, three or four more times.”