High-profile breaches have sparked interest in an emerging class of security software. The technology, named cloud security posture management (CSPM), scours cloud environments and alerts staff to configuration issues and compliance risks, most of which stem from human error.
Exhibit A of this type of gaffe occurred at Capital One in 2019, when a former Amazon Web Services (AWS) employee exploited a misconfigured Web Application Firewall (WAF) the financial service provider was using as part of its operations hosted in AWS, exfiltrated data and stored it on GitHub. In 2018, both a Walmart partner and GoDaddy were exposed when they left AWS storage instances accessible via the internet.
