Star Wars: A Tragic Tale of Data Security

Disclaimer: DivvyCloud in no way supports or defends the actions or beliefs of Darth Vader or the Empire that he represents. This blog post is meant to be purely illustrative.

The Death Star: an impenetrable fortress capable of mass destruction. According to Wookieepedia, approximately 1.7 million military personnel and 400,000 droids manned this battle station, which spanned 120 kilometers in diameter.

AWS Builder Community Hub
Death Star from Star Wars

As you visualize the Death Star, your mind might wander. You might think of your favorite Star Wars characters (Chewbacca, Ewoks!) or scenes (Darth Vader’s climactic reveal to Luke Skywalker – “No, I am your father”). What you probably aren’t thinking about are the very real security flaws that led to the Death Star’s destruction. 

Let’s start with the design. The aptly named Death Star architect, Galen Erso, purposefully included a structural weakness: a two-meter thermal exhaust port leading to a reactor core. In today’s world (at least on Planet Earth), we call this a malicious insider or an insider threat. Malicious insiders are people who take advantage of their access to inflict harm on an organization. Just ask Capital One whose recent firewall misconfiguration allowed a former AWS employee using web application firewall credentials to obtain privilege escalation. This allowed access to one of their S3 buckets and subsequent exposure of over 100 million users’ data. Erso’s work exemplifies an intentional insider threat to the Empire. His deliberate inclusion of a structural flaw may not have been preventable, but if the Death Star had adequate security (like DivvyCloud), it would have been detected and mitigated.

This leads us to the next problem: how did Luke Skywalker find out about this created security misconfiguration that left the Death Star vulnerable? Two words: Account hijacking. Cloud account hijacking is a process in which an individual or organization’s cloud account is stolen or hijacked by an attacker. The Death Star suffered “account hijacking” when a few savvy Rebel Alliance spies managed to infiltrate Scarif’s (an Empire held planet enveloped in impenetrable deflector shields and heavily defended) planetary shield in a hijacked Zeta-class cargo shuttle and steal data plans containing the Death Star’s schematics. Their goal was to find a weakness within the superstructure and exploit it. They got their data to Princess Leia (Alliance sympathizer), who stored it securely in R2-D2 (long-term DivvyCloud user), who ultimately delivered it to the Alliance. 

Long story short, Luke Skywalker takes off in his X-wing and fires two proton torpedoes into the infamous exhaust port, destroying the Death Star and saving the day ..well, not for the Empire.

While some parts of this film franchise are wildly fantastical, the malicious insider, misconfiguration, account hijacking, and subsequent data breach that effectively took down the Empire, are entirely plausible. In fact, these are concerns that companies face every day. They are often vulnerable because they don’t have processes in place to prevent, detect, and repair improperly configured cloud data services.

Like the Empire, companies need security solutions that provide the automation essential to enforce policy, reduce risk, provide governance, impose compliance, and increase security across large-scale, hybrid cloud infrastructures. Automation should take the pain out of making cloud infrastructure secure in a shared responsibility world by providing a framework for what organizations should be doing via a continuous, real-time process. By utilizing security automation, companies can stay agile and innovate, while maintaining the integrity of their technology stack and applying the policy they deem necessary to operate their business (or evil plans of planetary destruction).

Core to a company’s solution should be an easy-to-use interface from which clients can manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be manually performed. Security automation can discover and automatically take action to address policy infringements or security issues (like an exposed Death Star). It also allows for simultaneous offense and defense, resulting in increased innovation and a reduction of risk.

Are you interested in learning more? Speak with a DivvyCloud expert today and may the force be with you!

Watch DivvyCloud’s 60-second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant.

DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

The post Star Wars: A Tragic Tale of Data Security appeared first on DivvyCloud.

*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by Anna Mulamba. Read the original post at: