Orbert, Greetings from Seattle.
This was called out by both the NSA and CISA in 2020 in this report, and elevating this conversation remains a high priority in many enterprises.
https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF
There are some very salient points in this report that remain relevant, even after two years of aging. I agree that we should be advising on best practices for avoiding and detecting misconfiguration, especially in environments with a more mature SRE practice.
CSPs are beginning to deliver tools that have the ability to detect misconfiguration in the plan phase of the IaC apply process. One notable example is GCP's https://cloud.google.com/blog/products/compliance/google-cloud-cli-terraform-validation-preview
A good approach here is to integrate this process into your unit test framework for your SRE's IaC.
------------------------------
Jonathan Flack Managing Director, ACM, CNCF, CSA
------------------------------
Original Message:
Sent: Nov 02, 2022 06:20:16 AM
From: Orbert Reavis
Subject: Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control
The tiny ripples of change you implement in your cloud security strategy will make waves in the future. CSA Top Threats to Cloud Computing Pandemic 11 outlines the eleven threats you should watch out for. Number three is Misconfiguration and Inadequate Change Control. Learn more about the threat in this CSA blog → Top Threat #3 to Cloud Computing: Misconfiguration | CSA
#cloudsecurity #cybersecurityawareness #misconfigurations
------------------------------
Orbert Reavis
Circle Guide
CSA
------------------------------
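
One way to run the plan-phase check described in the reply above inside an IaC unit test suite, as an added example (not code from either poster or from Google's tooling): a Python function that reads the JSON form of a Terraform plan (`terraform show -json <planfile>`) and flags two exposure patterns before apply. The sample plan, its resource names and the two rules are constructed for illustration.

```python
import json
# Constructed sample in the shape of `terraform show -json <planfile>` output;
# resource names and values are made up for this example.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_storage_bucket_iam_member.logs_reader",
     "type": "google_storage_bucket_iam_member",
     "change": {"actions": ["create"],
                "after": {"bucket": "example-logs", "role": "roles/storage.objectViewer",
                          "member": "allUsers"}}},
    {"address": "google_compute_firewall.ssh",
     "type": "google_compute_firewall",
     "change": {"actions": ["update"],
                "after": {"direction": "INGRESS", "source_ranges": ["0.0.0.0/0"],
                          "allow": [{"protocol": "tcp", "ports": ["22"]}]}}},
    {"address": "google_compute_firewall.internal",
     "type": "google_compute_firewall",
     "change": {"actions": ["create"],
                "after": {"direction": "INGRESS", "source_ranges": ["10.0.0.0/8"],
                          "allow": [{"protocol": "tcp", "ports": ["22"]}]}}},
    {"address": "google_storage_bucket_iam_member.old_public",
     "type": "google_storage_bucket_iam_member",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def find_misconfigurations(plan):
    """Return (address, reason) for planned changes that would expose resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None:  # deletions have no planned end state to check
            continue
        if rc["type"] == "google_storage_bucket_iam_member":
            if after.get("member") in PUBLIC_MEMBERS:
                findings.append((rc["address"], "bucket role granted to the public"))
        elif rc["type"] == "google_compute_firewall":
            open_src = "0.0.0.0/0" in (after.get("source_ranges") or [])
            if after.get("direction", "INGRESS") == "INGRESS" and open_src:
                findings.append((rc["address"], "ingress open to the internet"))
    return findings

if __name__ == "__main__":
    for address, reason in find_misconfigurations(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

In a test suite, the assertion is that `find_misconfigurations` returns an empty list for the plan generated from the change under review, so a failing test blocks the apply step.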