One of the biggest cloud security threats your company faces isn\u2019t malicious. In fact, it originates from inside your IT organization.\n\nAccidental misconfigurations pose one of the leading security vulnerabilities IT organizations contend with in the cloud. According to a recent study, 79% of companies had experienced a cloud data breach in the past 18 months\u2014and 67% of respondents had identified security misconfiguration as the top security threat.\n\nDespite incredible advances in cloud security, misconfigurations tend to happen more often in the cloud than on-premises, leading to leaked data, service disruptions, and other costly troubles. This article explores some of the most common misconfiguration risks and how you can address them to tighten up cloud security.\n\nWhy misconfigurations happen\n\nMisconfigurations occur for various reasons. Although today\u2019s cloud is more secure than ever, it also has more settings and protocols to be aware of, especially in a multi-tenant environment. Simple oversights such as not ticking a box can have major repercussions. In fact, Gartner estimates 99% of cloud security failures will be the customer\u2019s fault\u2014at least through 2025. \n\nOne reason is that, as data and workloads shift to the cloud, necessary skillsets become much more specialized. Most established IT professionals have far more experience with on-premises security and much less experience and training in the cloud, increasing the chances of accidental misconfiguration. Meanwhile, while newer, less-tenured staff may be more accustomed to publishing data to the cloud, they\u2019re not necessarily accustomed to dealing with security, leading to configuration missteps.\n\nFurthermore, when data and workloads reside on-premises, a firewall provides an extra layer of protection. So even when a setting gets misconfigured, there\u2019s a lower chance of exposure outside the firewall. But if something gets misconfigured in the cloud, the risk is much higher.\n\nCommon cloud misconfiguration gotchas\n\nAs with many things, prevention begins with awareness. Be on the lookout for these common cloud misconfiguration gotchas.\n\nOverly permissive access privileges\n\nOverly permissive access policies and privileges enable expanded access to far more assets than needed. You may think user credentials are limited only to find out later that they were unlimited.\n\nStorage misconfiguration\n\nMisconfiguration opportunities abound when it comes to cloud storage. Confidential or regulated assets can inadvertently get mislabeled and find their way to external audiences. Furthermore, weak encryption can further expose assets.\n\nInsufficient or misconfigured logging and monitoring\n\nMonitoring and logging play a foundational security role in threat detection and mitigation. When monitoring and logging are compromised, it makes it difficult to detect events and changes and where they originated. \n\nNot securing inbound and outbound ports\n\nPorts provide opportunities for bad actors. Minimizing unnecessary inbound and outbound ports is half the battle. Restricting access is the other half.\n\nDefault system credentials\n\nIf a new server is spun up and it doesn\u2019t have a default credential, it may have all-encompassing access. Ensure all systems have default credentials.\n\nDevelopment settings in production\n\nImagine making changes in development, only to log off and realize you were in production, potentially breaking the application or locking users out. Misconfigured development settings are often the culprit in such scenarios.\n\nMinimizing misconfiguration risk\n\nIn addition to awareness, organizations can enhance security practices and policies to help minimize misconfigurations. This includes ensuring clear infrastructure visibility as well as implementing strategies such as automation, targeted training, and regular security audits.\n\nTo eliminate many of the traditional misconfiguration concerns of the public cloud, consider leveraging HPE GreenLake in a privatized custom-built cloud, either on-premises or in the cloud. Furthermore, HPE GreenLake Management Services provides managed security services including security monitoring, privileged access management, vulnerability management, and security hardening.\n\nGDT can help your organization make the most of HPE solutions to improve your cloud security posture. Contact the security experts at GDT to learn more.