While I previously wrote that the cloud is not a magical place, I think it’s important to point out that there is a sickness in the IT world. It’s insidious and seems to hang around Kanban boards like West Nile-laden mosquitos hang around a pond. Of course, I’m talking about exposed S3 buckets and NoSQL/MongoDB databases.
The fundamental issue appears to be that those who configure these environments do not know what they don’t know. We need to take down this sickness. Unfortunately, there is no blinky box that can fix this problem*. Rather, employee awareness and support are needed. For example, include a segment in your organization’s mandatory security training that tells staff to engage the IT or IT security team for guidance on the proper use of such services. Yes, this may encourage some people who would not otherwise have thought to copy the contact database into an S3 bucket, and it may drive up work for the IT team, but it’s better than the alternative. If you offer help rather than harsh criticism, you may just get people to ask for that help.
I suppose it should go without saying that your organization’s IT and security teams should themselves know how to properly use these services as a start.
*depends on your willingness to believe CASB vendor marketing pitches. YMMV.