That EC2 instance you spun up for a quick test six months ago.
Still running.
Nobody remembers why it exists. But it is still there; quietly costing money every day.
Most teams treat this as a cost problem. Find idle resources; shut them down; save money.
But here is what gets missed.
That forgotten instance has an IAM role with permissions never reviewed since. An old AMI with unpatched vulnerabilities. A security group with rules nobody remembers adding.
Cost reports catch unused resources because someone is watching the bill.
Nobody is watching the security posture of something they forgot exists.
This is how breaches happen. Not through production systems everyone watches. Through the test environment that became permanent by accident.
What you forget does not disappear. It just stops being watched.
Top comments (0)