Misconfigured S3 bucket
Gartner stated, “through 2022, at least 95 percent of cloud security failures will be the customer’s fault.” Unfortunately, today’s news highlights an example of a data breach due to a simple, but harmful misconfiguration: an exposed AWS S3 bucket. The misconfigured AWS bucket reportedly did not require any authentication to access, yet contained two main datasets related to Securitas and airport employees. As an incredibly powerful service, AWS S3 remains a lightning rod for data breaches due to widespread security misconfigurations.
I’ve said this many times, too many times it feels like, but this stuff is absolutely preventable. This misconfiguration is probably the most well known and well documented at the top of every single ‘To Do’ checklist to secure AWS. So it begs the question, yet again, why does this keep happening? This is absolutely a common mistake that countless organizations are currently making — most just don’t know it yet.
This case is a small example, but it ties into a larger story I’ve been witnessing: most organizations have significant blind spots to the risks in their cloud. Many businesses use outdated, and obviously ineffective, security controls and tooling. But the cloud has totally eviscerated your traditional security controls. It is time to implement relevant solutions for cloud security.
What solutions could have helped?
Sonrai’s entire existence is at the pinnacle of this cloud security story. Our platform was created to address the larger problem I’ve just called out: CISOs need visibility into their cloud environment and they need modern tools to manage the security risks in their cloud. So how exactly can they get there?
Let’s start at the foundation – Dig’s Cloud Security Posture Management (CSPM) capability. Is your cloud properly secured? This is where the Securitas story comes into play: an AWS S3 bucket was exposed to the internet with no access controls in place. Sonrai Dig monitors your environment 24/7 to detect misconfigurations such as public-facing datastores and not only alerts you to them, but ensures that the alert goes to the team responsible for fixing the issue, not to the back of an already inundated security team’s queue.
Let’s look at what exactly was at stake in the Securitas event: data. Data is the most precious asset to every business today. Its value demands the utmost care in protecting it. How does Sonrai approach cloud data loss prevention (CDLP)? Well, we urge you to ask yourself: do you know where all your data lies at any given moment? Where does it genuinely exist – not where is it supposed to be? Once you can identify where your data exists, you must define what your data is. Data classification allows you to determine what information is the most essential to your business and what is the most sensitive. Again, prioritizing comes into play.
With Dig, once you have found and classified your data, Sonrai will map out all the identities that can access your data. This doesn’t just mean person identities, but non-person identities like virtual machines, resources and even cloud services. Sonrai’s CDLP solution establishes who and what can access your sensitive data, enabling you to pinpoint the identities that shouldn’t be, validating those who should be, and allowing you to ensure an accurate baseline to lock in and monitor against.
The big picture
In the case of Securitas, these two solutions, CSPM and Cloud DLP, would together have essentially told them ‘you’ve got really sensitive data…and it’s exposed to the internet with no access controls in place!’
It saddens me to say that this will probably not be the last time you find me writing about this type of breach and screaming from the rooftop about what solutions could have prevented this well-known misconfiguration and failure of data security controls. This is a topic I (and my organization) feel passionate about, and it seems it’s just an issue of capturing businesses’ attention to let them know they’re in danger and there IS a solution.
If you want to learn more about how exactly Sonrai is positioned to help you secure, configure, constantly monitor and remediate your cloud – we are always here. Contact us today to start a conversation, or consider checking out a demo. If you’re an AWS user, we work seamlessly with the platform.
*** This is a Security Bloggers Network syndicated blog from Blog - Sonrai Security authored by Eric Kedrosky. Read the original post at: https://sonraisecurity.com/blog/aws-s3-bucket-at-center-of-data-breach-again/