Cloudy With a Chance of Breaches – Part 2
Logging on, vibes off. (Extended readers get the other 2 sins today.)
Devs love to say, “If it wasn’t logged, it didn’t happen.” Attackers love that too. Because in most clouds, logging is optional — and optional usually means “off.”
Best Practice #4: Logging & Detection That Doesn’t Exist
The Problem:
No logs = no incident. At least, that’s what management believes… right up until the ransom note includes your CEO’s vacation selfies from a public bucket.
Quick Fix:
AWS: Org-level CloudTrail, GuardDuty, VPC Flow Logs, S3 access logging (on the important buckets, not all).
Azure: Defender for Cloud, Activity Logs → Log Analytics, NSG Flow Logs.
GCP: Security Command Center, VPC Flow Logs, Data Access logs.
Sanity Check: Search your logs for:
Failed IAM logins
API calls from “odd” geos
Surprise
PutBucketPolicyat 3AM
If you can’t find those in <5 minutes, your “monitoring” is just vibes.
Want More?
This is just 1 of 3 tips in this part. Paid readers also get:
Best Practice #5: Secrets in code & CI pipelines (how attackers find creds faster than your interns find Stack Overflow answers).
Best Practice #6: Guardrails you set once so devs can’t YOLO their way into a breach.
👉 [Upgrade to Root Access Tier] for the full playbook.
Related Config Chaos
Still watching the cloud security forecast and wondering why the radar keeps showing exposed services, permission sprawl, and one IAM policy quietly ruining everyone’s day? These issues belong in the same breach-weather system:
Cloudy With a Chance of Breaches – Part 2 - Extended Version — the deeper dive into IAM weirdness, exposed services, and cloud misconfigurations that absolutely did not come from “just testing something.”
Cloudy With a Chance of Breaches – Part 1 — the first storm warning, featuring public buckets, risky defaults, and the classic phrase “we thought that was private.”
The Cloud Control Panel: Where Sanity Goes to Die — because many cloud security problems start with a dashboard button that looked harmless.
The Cloud Decoder – Part 2: Speak Cloudish — a translation guide for the cloud terms vendors use right before IAM gets spicy.
JJ – Chief Packet Pusher


