What it is
Orphaned cloud resources are cloud assets—IPs, volumes, snapshots, DNS records, load balancers, or entire services—that have outlived the workloads they once supported. They remain deployed on production tenants, often with public endpoints or credentials attached, but no longer have an owner watching over them.
Why it matters
Because nobody maintains these resources, they typically miss patches, logging, and access controls. Attackers can hijack idle IPs, copy data from forgotten storage buckets, or repurpose unused compute to pivot deeper into the environment—all without triggering alerts tied to active applications.
How to reduce risk
- Run frequent, automated inventories across every account and region
- Tie each resource to an accountable owner and remove anything unused
- Enforce least-privilege policies and cleanup automation for stale artifacts
- Continuously monitor the external attack surface for exposed cloud services
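
The inventory and ownership steps above can be turned into an automated check. The following is an added example, not part of the original page: it runs over a constructed inventory whose field names, 30-day idle threshold, and sample records are assumptions, not any provider's schema.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
STALE_AFTER = timedelta(days=30)                 # assumed idle threshold

# Constructed inventory; field names are hypothetical, not a provider schema.
INVENTORY = [
    {"id": "ip-1", "type": "public_ip", "address": "203.0.113.10", "attached_to": "vm-1",
     "owner": "team-web", "last_used": "2024-05-30"},
    {"id": "ip-2", "type": "public_ip", "address": "203.0.113.11", "attached_to": None,
     "owner": "team-web", "last_used": "2024-01-12"},
    {"id": "vol-7", "type": "volume", "attached_to": None, "owner": None,
     "last_used": "2023-11-02"},
    {"id": "snap-3", "type": "snapshot", "attached_to": None, "owner": "team-data",
     "last_used": "2024-05-20"},
    {"id": "dns-a", "type": "dns_record", "name": "app.example.com", "target": "203.0.113.10",
     "owner": "team-web", "last_used": "2024-05-30"},
    {"id": "dns-b", "type": "dns_record", "name": "old.example.com", "target": "198.51.100.7",
     "owner": "team-web", "last_used": "2024-05-30"},
]

def find_orphans(inventory, now=NOW, stale_after=STALE_AFTER):
    """Return {resource_id: [reasons]} for resources that look orphaned."""
    live_ips = {r["address"] for r in inventory
                if r["type"] == "public_ip" and r["attached_to"]}
    findings = {}
    for r in inventory:
        reasons = []
        if not r.get("owner"):
            reasons.append("no accountable owner")
        last = datetime.fromisoformat(r["last_used"]).replace(tzinfo=timezone.utc)
        if now - last > stale_after:
            reasons.append("unused for more than %d days" % stale_after.days)
        if r["type"] in ("public_ip", "volume") and not r["attached_to"]:
            reasons.append("not attached to any workload")
        # A DNS record whose target is not an attached IP we hold is dangling.
        if r["type"] == "dns_record" and r["target"] not in live_ips:
            reasons.append("points at an address no workload holds")
        if reasons:
            findings[r["id"]] = reasons
    return findings

if __name__ == "__main__":
    for rid, reasons in sorted(find_orphans(INVENTORY).items()):
        print(rid, "->", "; ".join(reasons))
```

In practice the inventory would be exported per account and region, and each finding routed to the recorded owner or to a cleanup queue when no owner exists.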