How to Prevent Cloud Configuration Errors

Tuesday, May 29, 2018

Reuven Harrison


The advent of cloud computing has dramatically altered the technology structure of today’s companies – making it much easier and faster to deploy resources as needed. In the traditional model, application developers had to wait for IT to provision storage and compute resources; meanwhile, security and network teams were needed to make the resources accessible and compliant with company policies. The process often took weeks or even months. By contrast, cloud-based resources could be spun up in minutes, and new applications deployed in that same day, without IT or network security involvement.

This newfound business agility introduces a new layer of risk to a company’s environment, as resource misconfiguration may not be discovered until it’s too late. The problem is further compounded by the lack of consistent security controls across competing cloud implementations.

Agility without security will eventually harm your business, as demonstrated by frequent news articles describing new cloud-based application and data breaches.

Misconfigurations Can Cause Security Breaches

When deployments or implementations aren’t configured properly, an easy opening is created for cybercriminals to gain access to sensitive data and resources. In fact, the wave of security breaches or instances of exposed customer data are often traced directly back to configuration errors.

Until organizations fully recognize the extent of the problem – and start proactively taking steps to both identify (and fix) possible vulnerabilities in their own networks, storage systems and user behaviors – the breaches will continue to grow in frequency.

Full Unified Visibility is Key

There is a way, however, to prevent these misconfigurations from happening. The key is visibility. Unified organizational visibility will let IT managers see any potential issues and fix them before they’re a problem. The ability to understand your company’s end-to-end network connectivity across all different architectures is critically important.

IT managers need to be able to see and understand their entire network - physical, virtual, and cloud. They need to be able to quickly answer the following questions, to make sure their implementations are configured correctly – and their organization is protected:

  • What is being deployed, where, and how?
  • How many different implementations are running at the same time?
  • Are they “talking to each other” properly?
  • Are all aspects of the organization configured consistently with security protocols?
  • Has cloud storage been configured and secured correctly?
  • Are end-users complying with policies?

Early visibility into configuration errors enables developers and IT to remediate issues and avoid public exposure.

The Need for Automation

While visibility is a good starting point, modern DevOps practices are driving ever faster change cycles. Managing security at scale is not easy, and the adoption of cloud and container technology is exponentially increasing scale. The traditional security management approach and tools are simply not capable of addressing the new challenges.

IT managers don’t always have the luxury of having a large team – and often, despite company growth, the IT team is one of the last things to grow accordingly. This means that IT managers must find solutions to the age-old problem of doing a lot with a little. Automation is that solution.

By embracing automation, IT managers can remove some of the lower-level, more repetitive tasks from their responsibilities. By setting up automated tools to integrate new implementations with their existing network, time can be freed up for IT managers. Automated tools can also immediately locate and correct implementation errors or flag potential security issues, helping to ensure that your company’s data won’t be compromised.


With unified visibility into the whole network, at all levels – and an embracing of automation – IT managers will be able to strike a balance between security and functionality, without worrying about an implementation error creating a lasting problem.

About the author: Reuven Harrison is CTO and Co-Founder of Tufin. He led all development efforts during the company’s initial fast-paced growth period, and is focused on Tufin’s product leadership. Reuven is responsible for the company’s future vision, product innovation and market strategy. Under Reuven’s leadership, Tufin’s products have received numerous technology awards and wide industry recognition.

Possibly Related Articles:
Cloud Security Enterprise Security Security Awareness
breaches Automation Cloud Adoption Visibility Configuration Errors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.