This is also something that keeps affecting "smart" software engineers with projects who don't realise they've got misconfigured S3 buckets, or have Firebase or MongoDB, etc. wide open to the world. We've seen so many companies that absolutely should know better be in this area.
The reality is that cloud providers make it easy to deploy infrastructure without much thought. You need skilled, domain-specific IT Architects working together to ensure that an organization's cloud presence is efficient and secure. That discipline and rigor is often dismissed or underappreciated because it forces you to slow down and decreases agility.
Some organizations have some form of Enterprise Architecture group that governs technology and ensures that there is discipline, though the maturity and scope vary. I would say most organizations are completely devoid of that type of supervision and oversight.
> I would say most organizations are completely devoid of that type of supervision and oversight.
It's unfortunately far too counter to the "move fast and break stuff" that the startup space tends to be enamored of, because they tend to want you to do things safely and try to avoid a "Front page of the New York Times" type of security event.
Sure wish it meant more than it does. Sorry, that "Front page of the NYT" phrase is one I've been using since back when everyone would have expected it to be the death of a company!