The cloud environment is fundamentally different from traditional on-premises infrastructure, and that’s a positive change for many organizations. The features that set the cloud apart, such as scalability, flexibility, and accessibility, are exactly what companies are seeking to drive innovation and efficiency today.
However, these differences also introduce new security challenges, especially during the migration of resources and services. Unlike traditional on-premises systems, the cloud lacks physical boundaries: security is no longer defined by firewalls and locked server rooms. Instead, the cloud relies heavily on identity and access management (IAM), application integration, and security configurations.
Misconfiguration of Cloud Resources
Misconfiguration remains the leading cause of cloud security incidents, largely due to the rapid evolution of cloud platforms and the frequent introduction of new features and settings that IT teams may not be familiar with. In complex, dynamic cloud environments, even small configuration errors can create significant security gaps, exposing sensitive data or critical systems to unauthorized access or attack.
Common examples of misconfigurations include:
- Overly permissive storage permissions that leave S3 buckets or Azure Blob containers public
- Leaving unnecessary ports open or allowing incoming traffic from any IP address or geographic location
- Unrestricted access policies or excessive user privileges, which violate the principle of least privilege (PoLP)
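The three misconfigurations listed above can be checked mechanically. The following is an added example, not code from this article or from HALOCK: it assumes AWS-style JSON for bucket policies, security group ingress rules, and IAM policies, and every input is a constructed sample.

```python
# Constructed sample inputs shaped like AWS API output (not real resources).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]}
INGRESS_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]
IAM_POLICY = {"Version": "2012-10-17",
              "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}

def _as_list(value):
    # Policy JSON allows a single value or a list in most fields.
    return value if isinstance(value, list) else [value]

def public_bucket_statements(policy):
    """Allow statements open to any principal with no Condition narrowing them."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, dict):
            anyone = "*" in _as_list(principal.get("AWS", []))
        else:
            anyone = principal == "*"
        if st.get("Effect") == "Allow" and anyone and "Condition" not in st:
            hits.append(st)
    return hits

def world_open_ports(rules):
    """(from_port, to_port) for every ingress rule reachable from any address."""
    out = []
    for r in rules:
        cidrs = [x["CidrIp"] for x in r.get("IpRanges", [])]
        cidrs += [x["CidrIpv6"] for x in r.get("Ipv6Ranges", [])]
        if {"0.0.0.0/0", "::/0"} & set(cidrs):
            out.append((r.get("FromPort"), r.get("ToPort")))
    return out

def wildcard_admin_statements(policy):
    """Allow statements granting every action on every resource (violates PoLP)."""
    return [st for st in _as_list(policy.get("Statement", []))
            if st.get("Effect") == "Allow"
            and "*" in _as_list(st.get("Action", []))
            and "*" in _as_list(st.get("Resource", []))]
```

A statement with a `Condition` is skipped here rather than evaluated, so conditioned public statements still need manual review.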
Misconfigured AWS S3 Bucket Results in Breach
The exploitation of AWS S3 buckets is a frequent phenomenon. A recent example occurred in March of 2025 when 86,000 records belonging to a New Jersey-based HealthTech company were exposed. An S3 bucket hosting 109 GB of healthcare information about the company’s employees was publicly accessible because it had neither password protection nor encryption. An investigation showed the bucket held files with sensitive information, including facial images of users, professional certificates, work assignment agreements, and other personally identifiable information (PII).
Poor Identity and Access Management (IAM)
Cloud providers offer an assortment of security tools for their customers. However, many advanced security tools are not enabled by default. If the customer fails to enable and configure them properly, they are of no use. One example is multifactor authentication (MFA) features that customers don’t enable. Failing to enable MFA is but one example of poor IAM practices. Other examples include excessive privileges, poor credential hygiene, and the failure to disable user accounts for former employees.
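Two of these IAM gaps, missing MFA and accounts that stay active after nobody uses them, can be found from a credential inventory. The following is an added example, not code from this article or from HALOCK: it assumes the CSV layout of the AWS IAM credential report (a subset of its columns), and the rows and the 90-day threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample; column names follow the AWS IAM credential report.
REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
alice,true,2025-05-28T09:12:00+00:00,true,false,N/A
bob,true,2025-05-30T16:40:00+00:00,false,false,N/A
former-contractor,true,2024-09-02T11:05:00+00:00,true,true,2024-09-03T08:00:00+00:00
ci-deploy,false,N/A,false,true,2025-05-31T23:59:00+00:00
"""

def _parse(ts):
    """ISO 8601 timestamp, or None for placeholders such as N/A."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def audit(report_csv, now, stale_after_days=90):
    """Return (user, finding) pairs; `now` must be a timezone-aware datetime."""
    cutoff = now - timedelta(days=stale_after_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        console = row["password_enabled"] == "true"
        key = row["access_key_1_active"] == "true"
        # MFA only matters for identities that can sign in with a password.
        if console and row["mfa_active"] != "true":
            findings.append((row["user"], "console password without MFA"))
        # Collect last-use times of the credentials that are still active.
        used = []
        if console:
            used.append(_parse(row["password_last_used"]))
        if key:
            used.append(_parse(row["access_key_1_last_used_date"]))
        used = [t for t in used if t is not None]
        # Active but never used, or last used before the cutoff: disable candidate.
        if (console or key) and (not used or max(used) < cutoff):
            findings.append((row["user"], "active credentials unused for %d+ days" % stale_after_days))
    return findings
```

Service identities with no console password, such as `ci-deploy` in the sample, are not reported for missing MFA but are still checked for stale keys.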
Failure to Enable MFA Results in Cloud Breach
Between April and June 2024, Snowflake, a leading cloud data warehousing provider, suffered a security breach after threat actors exploited stolen credentials from an infostealer malware campaign. The attackers targeted 165 customers with accounts protected by only single-factor authentication. Snowflake documentation shows that users are not automatically enrolled in MFA and must enroll themselves. Snowflake also admitted that one of its own accounts was compromised because it was protected only by single-factor authentication.
Blind Spots in the Cloud
When you learn to drive, you learn about blind spots and how they make you vulnerable to an accident. The cloud has many blind spots because it inherently offers less visibility than on-prem environments, where IT teams have access to everything in the environment. When organizations fail to enable audit logs, flow logs, or threat detection tools, they create security blind spots where malicious activity can go undetected for extended periods. The dynamic nature of cloud resources further compounds the problem, as assets are constantly spun up or reconfigured, making manual oversight impractical. If you are in the cloud, you are responsible for getting some eyes into your environment to find out what is going on.
Cloud Risk and Duty of Care
There are many reasons why organizations have migrated assets to the cloud. For some, it was the incorrect assumption that the cloud was secure. The truth is that there is no secure environment today. While your cloud provider has a responsibility to protect its infrastructure, you have a duty of care to secure any assets that you migrate to the cloud. Practicing your duty of care helps establish reasonable security as regulations require. It starts with using the organization’s mission, objectives, and obligations to develop its own risk-based security strategy, which can include implementing strong authentication, robust access controls, encryption, and continuous monitoring to prevent breaches and data loss. Companies should consider harm not just to the business, but to all interested parties. Failure to uphold these responsibilities can lead to regulatory penalties, financial losses, and reputational harm.
How to Get Cloud Visibility
If you are striving to get more visibility into your cloud environment, HALOCK Security Labs has the solution. HALOCK’s cloud security assessment report highlights the common security challenges of the cloud, such as misconfigured settings, lack of asset visibility, and evolving threats targeting cloud-specific vulnerabilities. Our thorough analysis of your environment can help identify potential toxic combinations of access privileges, non-secure configurations, and vulnerabilities, as well as accounts that are over-privileged or unused and may pose higher risk. Our comprehensive reports also include insights such as:
- Critical configuration flaws
- Inventory of cloud assets and identities
- Open ports, weak protocols, and excessive privileges
- Permissions on assets and services that are too permissive
- Exposed secret keys
HALOCK can help illuminate the blind spots in your cloud environment and deliver strategies tailored not only for the cloud, but for your entire hybrid infrastructure. Don’t let unseen risks become tomorrow’s headline. We can help you turn visibility into your strongest line of defense.