Only 26% say they can audit their IaaS configuration settings

A report on Cloud Adoption and Risk from McAfee, who polled 1000 enterprises worldwide, has highlighted that while organisations benefit from the better security offered in the cloud there are some exceptions.

Poorly configured cloud infrastructure is an increasing problem according to the report:

• about 5% of Amazon S3 buckets are misconfigured rendering the contents publicly accessible
• only 36% of those polled said they could enforce Data Loss Prevention
• just 33% can control collaboration settings to determine how data is shared
• only 26% of IaaS users said they could audit configuration settings

The NCSC has issued guidance, in the form of the Cloud Security collection, which draws upon their experience of implementing cloud services. It includes guidance that lays out your responsibilities when building in IaaS. They have discussed the importance of configuring cloud services properly and, as an example, talked through the challenges of configuring storage well in in a cloud service.