- Keys left in the front door when I was focused on getting inside safely.
- Garage door left open all day because I was wondering if I shut off the iron.
- Credit card left at the Starbucks as I made sure I had all my belongings.
Yes, I’ve done all those things. Perhaps I was just channelling my inner Homer Simpson.
Let’s face it — we’ve all made silly mistakes in our day-to-day lives that create security risks and privacy risks for our families and jobs. Thankfully, none of my mistakes have led to anything disastrous, at least that I know of, yet.
No matter how careful we are, or how well-versed we are in security best practices, it’s a safe bet that we all are making silly, absent-minded security mistakes daily that lead to security vulnerabilities in our cloud environments.
We know we shouldn’t keep root API access keys but don’t have time to create the other IAM users. We know that we shouldn’t use customer PII in test environments, but we’re in a rush, under pressure and don’t have time to anonymize. We know that there should never be open ports, but it will be easier to run the tests, and it will just be 10 minutes. We know that Welcome123 is a horrible password, but we’re drawing a complete blank at the moment, and plan to change it really soon. But, then stuff happens. You get distracted by your cube mate’s cat videos. You start thinking about something you need to do when you get home. Your mind moves on to the next task, and BOOM — you forget to fix the security mistake despite all your good intentions just moments ago.
The recent rash of MongoDB and Elasticsearch attacks has had me wondering how many of those open access policies and vulnerable clusters were caused by absent-mindedness rather than blatant incompetence. How many times did developers think “I’ll fix that other problem as soon as I get this thing working” and the next thing they know the code has been deployed and their to-do list of fixes has been forgotten?
As security professionals (and these days we all need to be security professionals), we need to focus, quickly remediating risks and then identifying ways to ensure that the mistakes don’t happen next time. However, keeping staff trained and keeping track of all the changes that take place in our dev, test and prod environments is impossible.
With continuous security and compliance monitoring, seamless integration into SIEMs, and real-time alerts that are issued to the right team at the right time, we can use cloud security automation to our advantage and limit the liability that our mistakes create for our business. So, while checklists on the cubicle wall and continuous training are great reminders of security best practices, there is nothing better than building security policies and checks directly into the workflow.
After all, we all get lost in our thoughts now and then and forget to…