Plugging the holes: How to prevent corporate data leaks in the cloud

Incorrect configuration of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud misconfiguration.

Forget shadowy attackers deploying bespoke zero-day exploits from afar. One risk that is far more real for organizations embarking on ambitious digital transformation projects is human error. In fact, “miscellaneous errors” accounted for 17% of data breaches last year, according to Verizon. When it comes to the cloud, there is one particular trend that stands out above all others: misconfiguration. It is responsible for the leaks of billions of records each year and remains a major threat to corporate security, reputation and the bottom line.

Mitigating this persistent human threat will require organizations to focus on achieving better visibility and control over their cloud environments — using automated tools where possible.

How bad are cloud data leaks?

Digital transformation saved many organizations during the pandemic, and it is now seen as the key to success as they emerge from the global economic crisis. Cloud investments are at the heart of these projects, supporting applications and business processes designed to create new customer experiences and operational efficiencies. According to Gartner, global spending on public cloud services is expected to grow 18.4% in 2021 to a total of nearly $305 billion and then increase by a further 19% next year.

However, this opens the door to human error, as misconfigurations expose sensitive data to malicious actors. Sometimes these records contain personally identifiable information (PII), such as the leak that affected millions at a Spanish hotel reservation software developer last year. But sometimes the data is undoubtedly even more sensitive. Just last month, it emerged that a classified U.S. terror watch list had been exposed to the public Internet.

The bad news for organizations is that threat actors are increasingly scanning for these exposed databases. In the past, such databases have been wiped and held to ransom, and even targeted with digital web skimming code.

The scale of these leaks is astounding: an IBM survey from last year found that over 85% of the 8.5 billion breached records reported in 2019 were due to misconfigured cloud servers and other misconfigured systems. That’s up from less than half in 2018. The number is likely to continue to rise until organizations take action.

What’s the problem?

Gartner predicted that by 2020, 95% of cloud security incidents would be the customer’s fault. So who is to blame? The problem stems from a number of factors, including lack of oversight, poor awareness of policies, lack of continuous monitoring and too many cloud APIs and systems to manage. The latter is particularly acute as organizations invest in multiple hybrid cloud environments. Estimates suggest that 92% of companies today have a multi-cloud strategy, while 82% have a hybrid cloud strategy, which increases complexity.

Cloud misconfigurations can take many forms, including:

  • Lack of access restrictions. This includes the common problem of public access to AWS S3 storage buckets, which could allow remote attackers to access data and write to cloud accounts.
  • Overly permissive security group policies. This may include making AWS EC2 servers accessible from the Internet via SSH port 22, enabling remote attacks.
  • Lack of permission controls. Failure to restrict users and accounts to least privilege can put the organization at greater risk.
  • Misunderstood internet connection paths
  • Incorrectly configured virtualized network functions

Shadow IT can also increase the chances of the above happening, because the IT department does not know whether cloud systems are configured correctly or not.

How to fix cloud misconfiguration

The key for organizations is to automatically find and resolve any issues as quickly as possible. Yet they are failing to do so. According to a report, an attacker could detect misconfigurations within 10 minutes, but only 10% of organizations fix these issues within that time. In fact, nearly half (45%) of organizations correct misconfigurations somewhere between an hour and a week later.

So what can be done to improve things? The first step is to understand the shared responsibility model for cloud security. This indicates which tasks the cloud service provider (CSP) will perform and what falls within the customer’s area of responsibility. While CSPs are responsible for security of the cloud (hardware, software, network and other infrastructure), customers must take responsibility for security in the cloud, which includes the configuration of their assets.

Once this is established, here are a few tips for best practices:

Restrict permissions: Apply the principle of least privilege to users and cloud accounts, thus minimizing risk exposure.

Encrypt data: Use strong encryption for business-critical or highly regulated data to mitigate the impact of a leak.

Check for compliance before provisioning: Prioritize infrastructure-as-code and automate policy configuration checks as early as possible in the development lifecycle.

Continuous audit: Cloud resources are notoriously volatile and changeable, while compliance requirements will also evolve over time. This makes continuous configuration checks against policy crucial. Consider Cloud Security Posture Management (CSPM) tools to automate and simplify this process.
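
The automated policy check described in the last two tips can be sketched as follows. This is an added example, not code from the original article: it audits a constructed inventory of simplified resources for the first three misconfigurations listed earlier (attribute names follow the Terraform AWS provider; the inventory layout and the `check` and `audit` helpers are assumptions for illustration).

```python
import json

# Constructed sample inventory: simplified resources, not a real Terraform plan file.
RESOURCES = [
    {"type": "aws_s3_bucket_public_access_block", "name": "reports",
     "values": {"block_public_acls": True, "block_public_policy": False,
                "ignore_public_acls": True, "restrict_public_buckets": True}},
    {"type": "aws_security_group", "name": "web",
     "values": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 20, "to_port": 25, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"type": "aws_iam_policy", "name": "ci",
     "values": {"policy": json.dumps({"Statement": {
         "Effect": "Allow", "Action": "*", "Resource": "*"}})}},
]

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
WORLD = {"0.0.0.0/0", "::/0"}  # "anyone on the Internet" in IPv4 and IPv6

def as_list(value):  # IAM JSON allows a single item or a list
    return value if isinstance(value, list) else [value]

def check(resource):
    """Return the list of policy findings for one resource."""
    rtype, vals, out = resource["type"], resource["values"], []
    if rtype == "aws_s3_bucket_public_access_block":
        out += [f"public access not blocked: {f}" for f in PAB_FLAGS if not vals.get(f)]
    elif rtype == "aws_security_group":
        for rule in vals.get("ingress", []):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            # A port range such as 20-25 exposes SSH just as a literal 22 does.
            covers_ssh = (rule["protocol"] == "-1"
                          or (rule["protocol"] == "tcp" and rule["from_port"] <= 22 <= rule["to_port"]))
            if covers_ssh and cidrs & WORLD:
                out.append("SSH (22) reachable from the Internet")
    elif rtype == "aws_iam_policy":
        for st in as_list(json.loads(vals["policy"]).get("Statement", [])):
            if st.get("Effect") == "Allow" and "*" in as_list(st.get("Action", [])):
                out.append("Allow with wildcard Action violates least privilege")
    return out

def audit(resources):
    """Map 'type.name' to its findings, omitting compliant resources."""
    report = {f"{r['type']}.{r['name']}": check(r) for r in resources}
    return {name: findings for name, findings in report.items() if findings}

if __name__ == "__main__":
    print(json.dumps(audit(RESOURCES), indent=2))
```

Run as a pipeline step before provisioning and again on a schedule, a non-empty result from `audit` is the signal to fail the build or raise an alert.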

With the right strategy in place, you will be able to manage cloud security risks more effectively and free up staff to be more productive elsewhere. As threat actors become better at finding vulnerable cloud data, there is no time to waste.

William
