Whenever there is a report of a compromised cloud server or exposed data, it’s highly likely the incident is a result of mistakes made while provisioning or configuring that cloud system. If IT teams don’t consider the context that allowed those actions to occur in the first place, their remediation efforts will not be as effective.
Misconfigured or over-provisioned cloud access is “inevitable,” wrote Lori Robinson, the vice president of SailPoint, a cloud-based identity security provider. Even with the “most carefully crafted governance framework” in place, the sprawling nature of the cloud environment and the variety of changes constantly taking place means specific procedures are bypassed at times. Immediately revoking access once the problem has been uncovered is a “knee-jerk reaction,” according to Robinson. IT teams should first figure out what the impact would be on existing applications and processes in order to determine the appropriate course of action.