
How can you prevent your next cloud misconfiguration?


The Malindo Air breach, which exposed passenger records including passport details, home addresses and phone numbers, is just the latest episode in the ongoing battle against cloud data breaches.

In fact, just last month the Teletext data breach resulted in the exposure of 530,000 data files, including 200,000 customer phone call recordings. The Amazon Web Services (AWS) server, containing a mass of sensitive customer data, had been left unsecured by the UK-based travel company for over three years.

Is there a hole in your bucket?

Cloud misconfiguration is a real and growing problem. According to IBM research, there has been a 424 per cent increase in data leaks stemming from misconfigured cloud systems. In April, 540 million records, found on just two Amazon S3 buckets, were exposed by third-party Facebook app providers and, just last month, the Democratic Campaign Group was discovered to have left over 6 million email addresses of US citizens unprotected.

Even companies that outsource the management of their cloud data security are not safe. In June, more than one terabyte of sensitive data was exposed in Amazon S3 buckets left unsecured by data management company Attunity, affecting numerous top Fortune 100 companies including Netflix, TD Bank and Ford.

Low-hanging fruit

With cloud misconfigurations often acting as easy targets for hackers, organisations must do more to safeguard against preventable mistakes. And preventable they are: Gartner research suggests that, by 2020, 80 per cent of cloud breaches will result from customer misconfiguration, mismanaged credentials, or insider theft. So how can you ensure your organisation's buckets aren't the next to hit the headlines?

The five pillars of actionable cloud security

Follow the five pillars of cloud security:

1. Identity and Access Management (IAM)

Within a cloud infrastructure, IAM allows IT administrators to authorise who can take action on specific resources, and to provide visibility and control across the infrastructure.

Companies must enable single sign-on and multi-factor authentication (MFA), use role-based access control, and reduce the exposure of privileged accounts.

2. Detection Controls

This pillar builds on the IAM decisions about who is allowed access, and to what, and then detects deviations from them. Intrusion detection systems (IDS) automate this: they monitor and analyse network traffic and generate an alert in response to activity that either matches known malicious patterns or is anomalous.

3. Network Security (NetSec)

Many organisations make the mistake of beginning their cloud security discussions around NetSec, but the cloud is different. Under the shared responsibility model on which cloud ecosystems operate, the provider guarantees the security of the underlying network, but it cannot guarantee the security of what each customer deploys on and connects to it.

This is where firewalls and web application firewalls in the cloud offer security at a different level. They are designed to operate in an inherently fluid and off-premise infrastructure.

Finally, an actionable NetSec pillar needs to consider endpoint security. Companies must fully understand the policies and benchmarks that are appropriate to their business and deploy solutions that translate those benchmarks into actionable results.

4. Data Protection

The very notions of data-in-motion and data-at-rest become blurred in the cloud. As data in transit is more vulnerable to malicious activity, the task of protecting that data during transport becomes more critical.

Encryption is the most popular method of protecting data at rest and in transit, but is not a total solution. NetSec controls add another layer of protection, as do data policies. Data that has been classified as at-risk can have specific policies applied to it whenever it is accessed or moved.

There are other data conditions that need to be considered, such as archiving and ongoing threat scanning. For instance, emails residing in trash or spam folders often contain latent threats, which could be triggered if opened at a later date, and so must be removed from users' systems quickly.

Companies need complete visibility of their data and information, as well as controlled versioning of that data, and end-to-end data protection and encryption.

5. Incident Response (IR)

For some organisations, IR is the first symptom of a non-actionable cloud security framework. Often incidents aren’t even identified until the damage is already done.

Within an actionable IR framework, incidents are typically security failures or non-compliance issues that can be easily identified and rectified.

IR can take many forms, from simple identification and rectification (or outright prevention) of an incident, to changes in policies and strategies that avoid similar incidents in the future.

Such a framework forms a sequential cycle, with each pillar dependent on those preceding it. The breaches described above are examples of organisations that made basic identity and access management mistakes, and therefore failed at the first pillar. Effective identity and access management requires organisations to enable single sign-on and multi-factor authentication, use role-based access control, and reduce the exposure of privileged accounts.

Looking forward

Ultimately, cloud security is still new for most organisations, and human error combined with an established skills gap means it is almost impossible to rely on employees to do things correctly every time. In a cloud world of near-zero unemployment and a lack of security talent across the board, how do you ensure cloud fixes are applied correctly and all your data is protected?

Cloud visibility tools are vital and provide end-to-end security, allowing organisations to identify gaps and vulnerabilities within their cloud data service. Alongside this, Cloud Security Posture Management (CSPM) solutions ensure continuous compliance and will constantly scan for misconfigurations and remediate them, deploying firewalls on demand to protect from any potential inbound threats. On top of this, organisations must invest in in-depth and regular training to educate their employees on these tools and decrease the likelihood of mistakes.

Cloud misconfigurations continue to discredit organisations and leave the back door open for cyberattackers. Furthermore, GDPR brings with it an increased economic risk of a data breach, as exemplified in June when BA was fined a record £183m for errors leading to the exposure of customer data by Magecart hackers. Now more than ever, it is vital that IT leaders employ the correct solutions to ensure their data in the cloud is secure.

Chris Hill, RVP Public Cloud & Strategic Partners, Barracuda Networks