Cloud Security Misconfigurations – and the OCIE



In response to COVID-19, one of the biggest technical changes seen in the financial services industry has been a massive migration to remote operations. In tandem with this tectonic shift in business operations, there has been a similar migration from traditional on-site IT operations to cloud-based operations. While cloud-based service providers do everything possible to secure their services, the unfortunate fact is that security breaches in the cloud are now even more frequent than network breaches. However, a deeper dive into these breaches suggests that many of the vulnerabilities arise not from the service providers themselves but from faulty configurations of those services by end users. And regardless of fault, if you have a cloud breach, it’s potentially a violation of Rule S-P (the Safeguards Rule) and S-ID (the Identity Theft Red Flags Rule), especially if you store investor Subscription Documentation in the cloud.

According to a 2021 survey of more than 250 IT professionals, more than half of all businesses have experienced a security incident related to their cloud-based services. And this statistic likely underestimates the actual number of incidents.  Preventing misconfigurations requires a concerted effort at all stages of usage, from initial contracting through ongoing maintenance and updates.

While there is no single way to prevent being targeted, BW Cyber Services provides a targeted Cloud Configuration Assessment and Remediation service, similar to PenTest for the cloud, that can help you test your cloud configurations to ensure all necessary and appropriate protections are in place. For more information on how BW Cyber Services can assist you, please contact us at