Migrating to the cloud (using services such as Amazon AWS, Microsoft Azure, or Google Cloud) has become the norm for modern businesses. It’s flexible, fast, and lets you get rid of those dusty physical servers in the back room. But there’s a huge mindset trap: many managers believe that once data is moved to the cloud, security is the provider’s responsibility.
This is a fatal mistake. By 2026, most cloud data breaches will not be caused by hackers breaking into Amazon servers, but by configuration errors made by the data owners themselves. At Altanet Craiova, we help companies understand the shared responsibility model.
What does a misconfiguration in the cloud mean?
Imagine the cloud as a massive warehouse of ultra-secure, rented safes. Amazon offers you the most robust safe in the world, with titanium walls. But if you (the customer) leave the safe door ajar or leave the key under the mat, thieves will get in without breaking a sweat.
The most common mistakes we encounter are:
- Public S3 Buckets: Storage buckets are accidentally set to "Public" instead of "Private." As a result, anyone who finds the link can download the entire customer database without a password.
- Excessive Permissions (IAM): Employees or applications are granted "Administrator" rights when they only need "Read" rights. If an employee’s account is compromised, the hacker has full access.
- Lack of MFA: Cloud console administration accounts are not protected by two-factor authentication.
The Shared Responsibility Model
You need to remember one thing: The cloud provider secures THE CLOUD (the physical infrastructure, cables, buildings), but you must secure what you put IN THE CLOUD (data, applications, passwords, settings).
How do you secure your cloud infrastructure?
You don’t need to be an AWS expert to take basic measures, but you do need to be thorough:
- Regular configuration audits: Use automated tools (such as AWS Security Hub or Azure Defender) that scan your account and alert you: "Warning, this folder containing invoices is visible to the entire world!"
- The principle of least privilege: No user or application should have access to all resources. Grant access strictly to what they need to do their job.
- Encrypt data: Even if someone manages to steal the files, if they are encrypted ("at rest"), they are useless to hackers.
To better understand who needs to protect what, you can consult Microsoft’s official guide on Shared Responsibility in the Cloud.
Conclusion
The cloud is secure, but it’s not magic. A single misplaced checkmark in a configuration menu can be equivalent to leaving your company’s door open overnight. Check the settings before uploading your data.
Does your company use cloud services and you’re not sure if the security settings are correct? We can perform an infrastructure audit and provide secure IT configuration services. Visit our contact page and make sure your cloud has no holes.
This material is part of Altanet’s educational series on digital security. Want to know what other risks you’re facing this year? See the complete list of cyber threats for 2026.
