DigitalWitch Cyber Solutions Ltd. recently migrated 80% of its infrastructure to AWS cloud to support its expanding operations. The cloud brings flexibility and scalability, but misconfigurations can expose the company to major security risks. Below are five of the most common misconfigurations that can occur in this environment:
What it means: An Amazon S3 bucket is left publicly accessible, allowing anyone with the link to view or download its contents.
At DigitalWitch: Internal project files, client reports, and business-critical documents are stored in S3 without enabling proper access control.
Risk/Impact:
What it means: Security groups allow traffic by default (e.g., port 22 open to all IP addresses).
At DigitalWitch: The EC2 instances hosting the company’s web applications are left open on SSH (port 22) to the entire internet (0.0.0.0/0).
Risk/Impact: