Did you know? Cloud Misconfiguration and Mismanagement are the Biggest Security Risks of 2019

Cloud Misconfiguration and Mismanagement

A recent report from Gartner on the top security priorities for 2019 posits that “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.” This should bring two major issues to the forefront for IT leaders charged with Security and Risk Management.

1. Not Realizing the Importance of Cloud Managed Experts
One, it underscores the crucial need for expertise when configuring Cloud environments. The 2018 Cloud Security Report reiterates the impact of misconfiguration, citing it as “the single biggest threat to cloud security.” As cloud configurations are often performed by a third-party Managed Service Provider (MSP), this worrisome statistic highlights the importance of partnering with security-minded managed service providers that have a dedicated investment in security. The good news is that with proper cloud configuration, this is a one-and-done issue. Once your cloud environment has been set up securely, it isn’t a hanging vulnerability that leaves you exposed.

2. Instances of Mismanagement and Mistakes
The second, and more difficult, issue to address is instances of mismanagement and mistakes. While configuration is a one-time project that is no longer a concern once completed correctly, mismanagement and mistakes are ongoing and continuous threats to Cloud security.


The best way to counteract these threats is to keep your security measures current with consistent vulnerability scanning and patch management. For companies in high-compliance industries where regulations are often changing (such as pharmaceuticals and other life sciences verticals), maintaining up-to-date security should be one of the highest priorities for IT teams. A single security breach can cause hundreds of millions of dollars in damage, even with above-average response times.

So, high-risk industry or not, cloud computing attacks have continued to increase, and in the upcoming year Security and Risk managers need to implement continuous vulnerability scans to stay aware of the weak links in their systems. Vulnerability scans can:

  • Track current patch levels and progress to determine your current and continued risk level
  • Analyze critical and high vulnerabilities to inform recommended remediations
  • Complete ongoing compliance scanning, reporting, and tracking


Once you’ve determined your risk levels and vulnerabilities, you can implement a plan for remediation. But the first step is understanding your system’s patching and vulnerabilities, so that you can then build an informed plan for security in the upcoming year.

Have you determined your risk levels and vulnerabilities? Do you need an expert’s help in understanding your system’s patching and vulnerabilities?