People Can’t Be Patched: Why Human Error is a Huge Cloud Security Risk
“Assume breach” is a fundamental principle of Zero Trust. And it applies just as much to people as it does to your workloads. Just as you need to assume breach in the IT environment, you also need to assume human error in your workforce.
Research bears out this assumption. According to a recent study, mistakes by people account for close to half of all data breaches in the cloud.
People are always the weakest link
Resources in the cloud are dynamic and ephemeral. Securing a hybrid cloud architecture can be challenging. That’s especially true when the architecture includes multiple cloud vendors, on-premises data centers, and mobile endpoints.
And all cybersecurity architectures contain one weak link in the workflow. (Hint: it’s located between the keyboard and the chair.)

No human can manage security in a complex environment without making an occasional error. Given enough time, everyone makes mistakes.
Humans cannot be relied on to enforce policy consistently, even in the most robust Zero Trust architectures. Human decisions and mistakes cannot be reduced to a reliable algorithm. People are unpredictable. And no amount of training will stop someone from clicking on links, accidentally downloading threats, or eventually misconfiguring a security device.
Zero Trust architecture must protect against unpredictable scenarios. Human error should be at the top of that list.
The segment protects you from yourself
Human error allows breaches to enter cloud resources. That’s why enforcing policy between all resources is the only way to restrict movement of the breach, regardless of how complex or mysterious that threat is.
Once that first cloud resource gets compromised, that threat will try to move to the next resource toward its ultimate goal. And the only way that any threat can move between resources is through a network segment.
Monitoring and enforcing all segments between resources can reveal undetected threats based on network behavior between application dependencies. The movement of a threat from one resource to another will almost always produce spikes above normal traffic behavior. These spikes can be detected, and policy enforced in response.
For example, unusual behavior across segments — such as sudden bursts in lateral network traffic between resources — can be a sign of malicious traffic on the move. This can be the case even if your threat-hunting tools have not yet discovered a threat on that resource.

Monitoring and enforcing the segment will protect your environment from inevitable mistakes, human or otherwise.
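An illustration of the detection logic described above, added here as example code and not from the original post or from Illumio's product: it learns the application dependency map (which source talks to which destination on which port, and at what peak volume) from constructed flow summaries, then checks a new window. Flows between resources that never talked before are denied by default; a known dependency that suddenly carries a multiple of its normal volume raises an alert. Workload names, ports and counts are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the original post). Each record is one
# observed flow summary: (source workload, destination workload, destination
# port, connections seen in a one-minute window). Names are hypothetical.
BASELINE_SAMPLES = [
    ("web-1", "app-1", 8443, 120), ("web-1", "app-1", 8443, 140), ("web-1", "app-1", 8443, 110),
    ("app-1", "db-1", 5432, 40),   ("app-1", "db-1", 5432, 55),   ("app-1", "db-1", 5432, 48),
]

# The window under inspection: one expected flow, one burst on a known
# dependency, and two flows between resources that never talked before
# (web tier reaching the database directly, and SSH from one app host to another).
CURRENT_WINDOW = [
    ("web-1", "app-1", 8443, 130),
    ("app-1", "db-1", 5432, 400),
    ("web-1", "db-1", 5432, 3),
    ("app-1", "app-2", 22, 1),
]


def build_baseline(samples):
    """Learn the application dependency map: for every (src, dst, port) seen
    during the learning period, record the peak connections per window."""
    peaks = defaultdict(int)
    for src, dst, port, count in samples:
        peaks[(src, dst, port)] = max(peaks[(src, dst, port)], count)
    return dict(peaks)


def inspect_window(baseline, window, burst_factor=3.0):
    """Compare one window against the baseline. A flow between resources with
    no learned dependency is blocked (default deny across the segment); a known
    dependency whose volume exceeds burst_factor x its learned peak is alerted on."""
    findings = []
    for src, dst, port, count in window:
        key = (src, dst, port)
        if key not in baseline:
            findings.append({"flow": key, "kind": "new_dependency", "action": "block"})
        elif count > burst_factor * baseline[key]:
            findings.append({"flow": key, "kind": "burst", "action": "alert",
                             "count": count, "peak": baseline[key]})
    return findings


if __name__ == "__main__":
    for finding in inspect_window(build_baseline(BASELINE_SAMPLES), CURRENT_WINDOW):
        print(finding)
```

In a real deployment the baseline would be learned over a longer period and the burst factor tuned per dependency, but the two checks, unknown pair and abnormal volume, are the ones the segment gives you visibility into regardless of how the threat entered.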
The errors putting your cloud at risk
In cloud security, human error comes in a variety of types:
- Weak access passwords
- Exposed storage instances
- Failing to rotate SSH keys
- Leaving ports open laterally between resources
- Not patching the OS on those resources
- Assuming security is someone else’s job
- Trusting cloud vendors to secure resources that you host on their environment
All of these mistakes open the door for threat actors to gain entry.
What’s more, humans can be easy to manipulate. For attackers, social engineering is an effective, low-tech solution to compromising corporate credentials.
AI-powered tools are beginning to expand the ways in which threat actors can impersonate someone in authority, requesting passwords from an underling or coworker. Attackers can also use LinkedIn to find and bribe an employee of a targeted company to get credentials. Zero Trust needs to take into account these unfortunate but common scenarios.
Segmentation applies to humans as much as it does to workloads — perhaps more so. Whether intentional or accidental, human error needs to be assumed. Humans need to be assigned the same level of trust as any workload: zero.
Vendors make security errors, too
For the sake of argument, let’s pretend your employees are all fully trained, reliable, and practice good Zero Trust hygiene. But what about third-party entities, which also have all kinds of access to your environment?
Do you trust contractors, vendors, auditors, branch offices, agencies, or suppliers to follow security best practices?
In Zero Trust, the answer is always no. Those external entities may claim to be secure, and they may truly think they are. But without full control of external parties, you must assume that their security is potentially weak.
The keyword in Zero Trust is zero — whether it’s workloads, people, or third-party entities.
Contain breaches with Illumio
Enforcing segmentation protects the hybrid multi-cloud from errors committed by even the most well-intentioned employee.
A Zero Trust architecture pushes the trust boundary out to every resource and every human. It then continuously monitors all segments between them.
The segment is the common denominator in how threats spread across workloads, regardless of how they entered the environment. Humans cannot be secured, patched, or quarantined effectively. Eventual failure must be assumed.
Illumio Zero Trust Segmentation helps you visualize, discover, and stop threats from spreading between resources at any scale, regardless of the source. This builds a consistent cybersecurity architecture that protects resources from any kind of threat — from digital to human.
Contact us today to learn more about how Illumio ZTS can help secure your hybrid multi-cloud from human errors.