DEV Community

Cover image for The Most Dangerous Word in Cloud Security Is Temporary
Munagala Karthik
Munagala Karthik

Posted on

The Most Dangerous Word in Cloud Security Is Temporary

The most dangerous word in cloud security is "temporary".

Temporary access. Temporary credentials. Temporary open port. Temporary IAM role with broad permissions.

Temporary never dies. It just loses its owner.

I have seen "temporary" resources sitting in production environments for over a year. Nobody created a ticket to clean them up. Nobody remembered why they existed. Nobody wanted to delete something they did not fully understand.

And that is exactly what makes them dangerous.

Permanent resources get reviewed. They are in your documentation. Someone owns them. Someone is responsible if they break.

Temporary resources belong to nobody. Which means nobody is watching them.

An open security group created for a quick debug session. An IAM role with admin access given to a contractor who left six months ago. An S3 bucket made public for a one time file share that never got locked down again.

All temporary. All forgotten. All attack surface.

The fix is not complicated. Every resource needs an owner. Every temporary access needs an expiry. Every exception needs a ticket and a deadline.

If it does not have a deadline it is not temporary. It is just undocumented permanent.

Treat every exception like the risk it actually is.

Top comments (0)