Hot Topics

Home » Security Bloggers Network » Cloud Misconfiguration and Administrative Error a Top Cause of Cloud Data Breach

Cloud Misconfiguration and Administrative Error a Top Cause of Cloud Data Breach

by CipherCloud on January 2, 2019

Moving to applications in the cloud brings several key advantages to include flexibility, cost savings and speed. Leading software as a service (SaaS) providers can give you exactly what you need at exactly the right time. Line of business teams can often deploy SaaS applications in just a few days, instead of the weeks or months typical of on-premise IT deployment. Unfortunately, top SaaS services are continuously being breached and one of the most common sources of these breaches are human error. Human error resulting in misconfiguration continues to result in the accidental exposure of vast amounts of confidential and sensitive data being stored in cloud services. Recently, in the summer of 2018, GoDaddy, the world’s leader in domain name registration, per cyber risk analyst Chris Vickery, had an unsecured Amazon S3 bucket which had daa on over 31,000 GoDaddy systems as well as pricing and discount data that included a close look at GoDaddy’s business practices. This data exposure was totally avoidable. But GoDaddy is not alone. Some other recent examples of these include Amazon S3 buckets being accidentally shared include the U.S. Department of Defense. In November, 2017 it was reported that the Pentagon accidently shared 1.8 Billion intelligence data objects in a database based on mis-configured Amazon S3 storage permissions. The information exposed which goes back as far back as 2009, is held by U.S. Central Command (Centcom) and U.S. Pacific Command (Pacom). In October, 2017 it was reported that Accenture inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon’s S3 storage service, contained hundreds of gigabytes of data for the company’s enterprise cloud offering, which the company claims provides support to the majority of the Fortune 100. The data could be downloaded without a password by anyone who knew the servers’ web addresses. In September, 2017 it was reported that two cloud-based data repositories managed by BroadSoft Inc. which contained sensitive customer information were configured to enable public access, leaving the information exposed. Among the data exposed to public access was a “User Profile Dump” dated 7 July 2017 that contained “more than 4 million records, with Transaction ID, user names, Mac addresses, Serial Numbers, Account Numbers, Service, Category details, and more. Other databases also have billing addresses, phone numbers etc. for hundreds of thousands of TWC customers.” In February, 2018 it was reported that an affiliate of FedEx exposed the personal information of tens of thousands of users. The information, which included 119,000 scanned documents such as passports, driver’s licenses, security IDs and the like, on an open S3 server belonging to Bongo International, a company FedEx purchased in 2014 and which became part of the shipping firm’s now- shuttered FedEx CrossBorder service. “IDs were accompanied by scanned “Driver Applications” – which also contained names, home addresses, phone numbers and zip codes,” customers fake invoices, viruses, and keylogging software. The emails were sent using information that was illegally obtained from Salesforce via the initial data breach. All the above data breaches could have been avoided by using CipherCloud. CipherCloud’s Zero Trust architecture requires that encryption and decryption take place only in a customer’s network before the data is sent to the cloud, such that the data would remain unintelligible to attackers. Our Cloud Security Posture Management (CSPM) brings continuous oversight and real-time guardrails to protect critical administrative and configuration controls in your many IaaS environments, including Amazon AWS, Microsoft Azure, and Google Cloud Services. CipherCloud’s CASB+ gives you the blanket of protection you need for threat protection due to misconfiguration and administrative error. Request a trial today.