Don’t Be Caught Unsecured
The cloud has revolutionized operations; don’t be misconfigured
BOy David Meltzer
ver the last decade, the cloud has revolutionized the way businesses operate. Today, modern enterprises are turning to a hybrid IT environment, leveraging the best of both worlds—the scalability of cloud in- frastructure and the control of on-premises systems.
Reduced operating costs, greater flexibility and agility are immense benefits for any organization, not to mention a significant competi- tive advantage, but they are not easily attained without overcoming unique security challenges and risks.
Hybrid environments can quickly multiply the complexity of an already complicated infrastructure. It’s a combination of services completely owned and managed by an internal team, plus services completely owned and managed by cloud service providers (CSP). With different environments in play, enterprises must integrate mul- tiple applications and systems, which often requires entirely different skill sets. With so many moving pieces, it can be extremely difficult to maintain proper visibility across the different environments, and quite easy to inadvertently leave data exposed.
When it comes to securing this data, perhaps one of the biggest mistakes organizations are guilty of today is overlooking basic secu- rity controls. A simple misconfiguration in cloud services can leave even the most security-minded organizations exposed and vulnerable to malicious actors. This little mishap can expose sensitive data, in- cluding passwords, personally identifiable information (PII) and oth- er types of information, which could damage customers, employees and the company’s reputation.
30
0618 | SECURITY TODAY
Here are the key considerations for avoiding the most common misconfiguration errors in the cloud, and the important steps to take to keep every component of your hybrid IT environment secure.
Rising Cloud Misconfiguration Breaches
Data breaches by way of cloud misconfigurations continue to make headlines day after day.
In July 2017, as many as 14 million Verizon customer records were left exposed as a result of an unsecured server. This information con- tained customer names, phone numbers and account PIN codes—all publicly available online.
Similarly, data firm Deep Root Analytics left personal data ex- posed after storing it on a cloud server configured to be made pub- licly accessible. Working on behalf of the Republican National Com- mittee (RNC), this included information containing the personal details of 198 million U.S. voters.
Shortly thereafter, Dow Jones experienced a data leak when it left a server accessible to anyone with a free Amazon Web Ser- vices (AWS) account—not just Dow Jones-associated accounts. The breach involved a database containing the personal information of over two million customers.
These are only a few recent examples but it’s evident these errors are happening too often, most of which could have been easily corrected.
Common Misconfiguration Mistakes
According to a report released by RedLock in October 2017, more
CLOUD MANAGEMENT
Blackboard/Shutterstock.com