
Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches
Anshu Bansal is the founder/CEO of CloudDefense.AI—a CNAPP that secures both applications and cloud infrastructure.
It's 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code. Yet, data breaches aren't slowing down—why?
Because a single misconfiguration—often as simple as an overly permissive IAM role or an exposed storage bucket—can wreck everything.
In fact, cloud misconfigurations are often termed a "technical oversight." But they're a systemic failure—a gap between how we build, secure and perceive risk in the cloud.
Having spent over a decade in tech, I've seen organizations pour millions into cutting-edge tools, only to be blindsided by breaches caused by overlooked settings. Misconfigurations remain the number one cause of cloud breaches, not because we lack the technology to fix them, but because we keep treating the symptoms, not the root causes.
Here, I'll break down why the industry keeps stumbling on this issue and, more importantly, how we can finally get ahead of it.
Misconfigurations often get dismissed as "careless mistakes": a forgotten storage bucket left open to the public, for instance, or an IAM role with broader permissions than necessary.
Easy fixes, right? Not quite.
In modern cloud environments, what looks like a single misstep is usually the byproduct of complex, fast-moving workflows. For example, take a developer spinning up a new microservice, working in a CI/CD pipeline and deploying infrastructure as code (IaC). The security team might not even see the new environment until it's live. If the template they used includes overly permissive IAM policies, that misconfiguration automatically spreads to every future deployment.
And, here's what most people miss: misconfigurations don't happen in isolation. They're often tied to contextual blind spots. A storage bucket open to the public isn't always dangerous—unless it contains sensitive production data or exposes internal infrastructure paths. But cloud security tools typically flag everything equally, drowning teams in alerts while critical issues get buried.
Key complexities that often go unnoticed:
• Cloud Drift: Configurations change rapidly across environments, creating gaps.
• Automation Blindspots: IaC can automate vulnerabilities if underlying templates contain misconfigurations.
• Lack Of Context: Tools flag issues without understanding their real-world impact.
The real challenge isn't fixing misconfigurations; it's understanding them in context. And that's where traditional security approaches fall short.
If misconfigurations are the root cause of most breaches, why haven't traditional security solutions solved the problem? Because they focus on detection, not prevention.
Consider again a developer who spins up a new cloud instance for a project under a tight deadline in a fast-paced sprint. They use an IaC template that worked last time without any issues. The project goes live. Weeks later, security flags an open port exposing sensitive APIs. Sound familiar? If yes, this is where the traditional approach falls short:
Ask most people why misconfigurations happen, and they'll say "human error." That's only half the story. The real causes run deeper—tied to the way modern cloud environments operate.
Here's what's really fueling these vulnerabilities:
• Speed Over Security: Cloud thrives on agility. Developers push code fast, often under tight deadlines. Security checks? They're seen as bottlenecks. When speed wins, security loses.
• Configuration Drift: Even secure deployments don't stay that way. Someone adjusts a security group for testing and forgets to revert it. This "drift" creates gaps traditional tools often miss.
• Lack Of Context: Security tools flag issues but don't prioritize risk. Is an open port on a dev instance as critical as one on production? Most tools treat both the same, drowning teams in noise.
• Siloed Workflows: Developers deploy. Security scans later. Issues get flagged post-deployment, often days or weeks later. By then, the damage might already be done.
• Default Configurations: Cloud providers offer quick-start setups, but these defaults prioritize functionality, not security. Unless teams manually tighten settings, they're exposed from day one.
Eliminating cloud misconfigurations is not just about patching individual issues. It's about fixing the system that allows them to exist in the first place. From my experience, the most effective approach involves shifting left and integrating security into every stage of the cloud lifecycle.
Here's what works.
• Shifting Left With Developer-Led Security: The easiest problems to fix are the ones that never make it to production. Developers should have tools that flag risky settings while writing code, not after deployment. If your pipeline isn't scanning IaC templates, you're flying blind.
• Enforcing Least Privilege By Default: Excessive permissions are a common culprit. Adopt the principle of least privilege for IAM roles, service accounts and APIs. Ensure every identity—human or machine—has only the permissions they absolutely need.
• Implementing Continuous Misconfiguration Monitoring: Cloud environments change constantly. One small update can undo weeks of careful security work. Continuous monitoring tools help catch these shifts—before they turn into real threats.
• Automating Policy Enforcement: Humans miss things. Automation usually doesn't. Use policy-as-code frameworks like AWS Config, Azure Policy or Open Policy Agent to enforce security standards. If a misconfigured resource doesn't meet policy, it shouldn't deploy—simple as that.
• Using Advanced Cloud Security Tools: This is where cloud security posture management (CSPM) shines, especially in multi-cloud environments. These platforms don't just say, 'Hey, something's wrong!' They prioritize risks, show potential impact and even guide remediation.
• Closing The Visibility Gap: A misconfigured bucket hosting non-sensitive logs doesn't deserve the same urgency as one holding customer data. Tools that combine configuration alerts with risk context help prioritize fixes effectively.
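As an added example (not from the original article or any vendor's product), here is a minimal pre-deploy policy gate of the kind the points above describe: it checks a resource list for wildcard IAM permissions, public buckets and internet-open rules, then ranks findings by environment and data sensitivity before deciding whether the deploy may proceed. The resource schema, field names, severity rules and blocking threshold are assumptions made for illustration; only the IAM statement layout follows the AWS policy JSON form.

```python
import json

# Constructed sample: a simplified resource list a pipeline step might extract
# from an IaC template. The schema and names are assumptions for this example.
RESOURCES = json.loads("""
[
 {"kind": "iam_policy", "name": "svc-orders", "env": "prod", "data_class": "internal",
  "policy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
 {"kind": "iam_policy", "name": "svc-reports", "env": "prod", "data_class": "internal",
  "policy": {"Statement": {"Effect": "Allow", "Action": ["s3:GetObject"],
                           "Resource": "arn:aws:s3:::reports/*"}}},
 {"kind": "bucket", "name": "app-logs", "env": "dev", "data_class": "public",
  "public_read": true},
 {"kind": "bucket", "name": "customer-exports", "env": "prod",
  "data_class": "customer", "public_read": true},
 {"kind": "firewall_rule", "name": "api-test", "env": "dev",
  "data_class": "internal", "source_cidr": "0.0.0.0/0", "port": 8443}
]
""")

SENSITIVE = {"customer", "secret"}          # assumed data classifications
RANK = {"critical": 0, "high": 1, "low": 2}  # lower number = more urgent


def as_list(value):
    """IAM policy JSON allows a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def violations(res):
    """Return the rule names this resource breaks (empty list if compliant)."""
    found = []
    if res["kind"] == "iam_policy":
        for st in as_list(res["policy"].get("Statement")):
            if st.get("Effect") != "Allow":
                continue
            # "*" or "service:*" grants far more than least privilege needs.
            if any(a == "*" or a.endswith(":*") for a in as_list(st.get("Action"))):
                found.append("wildcard-action")
            if "*" in as_list(st.get("Resource")):
                found.append("wildcard-resource")
    elif res["kind"] == "bucket" and res.get("public_read"):
        found.append("public-bucket")
    elif res["kind"] == "firewall_rule" and res.get("source_cidr") in ("0.0.0.0/0", "::/0"):
        found.append("open-to-internet")
    return found


def severity(res):
    """Risk context: what the resource holds, then where it runs."""
    if res.get("data_class") in SENSITIVE:
        return "critical"
    return "high" if res.get("env") == "prod" else "low"


def evaluate(resources, block_at="high"):
    """Return (deploy_allowed, findings), findings ordered most urgent first."""
    findings = [{"name": r["name"], "rules": violations(r), "severity": severity(r)}
                for r in resources if violations(r)]
    findings.sort(key=lambda f: RANK[f["severity"]])
    # Anything at or above the threshold blocks; lower findings are reported only.
    allowed = all(RANK[f["severity"]] > RANK[block_at] for f in findings)
    return allowed, findings


if __name__ == "__main__":
    allowed, findings = evaluate(RESOURCES)
    for f in findings:
        print(f"{f['severity']:<8} {f['name']:<17} {', '.join(f['rules'])}")
    print("deploy allowed:", allowed)
    raise SystemExit(0 if allowed else 1)  # non-zero exit fails the pipeline step
```

Run as a pipeline step, the non-zero exit stops the deployment, while the public dev log bucket is still listed but ranked below the bucket tagged as customer data.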
After working in this space for years, I can say with confidence that tools alone won't save us. It takes a mindset shift. When everyone—from developers to leadership—understands the risks and owns their part, the whole system gets stronger.
The cloud isn't going anywhere, and neither are misconfigurations. But if we build smarter habits, use the right tools and stop trusting defaults, we can keep them from becoming headlines.
The bottom line? Cloud security isn't someone else's job. It's everyone's.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
