More than 60% of cloud security incidents in 2026 trace not to zero-days but to misconfiguration — exposed storage, over-permissive IAM, leaked keys, and weak API gateways. The good news: misconfigs are findable and fixable.
The four that cause most incidents
1. Exposed object storage
Public S3/Blob/GCS buckets remain the classic leak. Find your own before someone else does:
# AWS: check every bucket's public access block (all four settings should be true)
for b in $(aws s3api list-buckets --query "Buckets[].Name" --output text); do
  echo "== $b"
  aws s3api get-public-access-block --bucket "$b"  # an error here means no block is configured
done
2. Over-permissive IAM
Wildcard policies ("Action":"*","Resource":"*") and unused admin keys are privilege-escalation fuel. Enforce least privilege and turn on access analyzers.
3. Leaked keys
Long-lived access keys end up in git, CI logs, and client bundles. Prefer short-lived role-based credentials; scan repos and rotate aggressively.
4. Weak API gateways
The common failures are unauthenticated routes, missing rate limits, and gateways that forward requests to internal services without authorization checks.
A pragmatic fix order
- Block public access at the account level for storage; allow-list exceptions explicitly.
- Kill wildcard IAM and unused keys; move to short-lived credentials.
- Enable cloud-native posture tooling (Security Hub / Defender for Cloud / SCC) and a CSPM.
- Centralise logging: missing logs are themselves a top finding and a DPDP/RBI gap.
RingSafe runs cloud configuration reviews and cloud pentests across AWS, Azure, and GCP.