Organizations are increasingly adopting cloud-based infrastructure for data storage and processing. These cloud-based deployments offer several advantages to an organization, including increased flexibility, scalability, and cost savings.
However, the impact of a cloud deployment on an organization is not only positive. Cloud-based data stores are one of the biggest sources of leaked sensitive data. An organization’s cloud resources are directly accessible from the public Internet, so a security misconfiguration there is far easier for a cybercriminal to find and exploit than the same mistake on an on-premises system.
Cloud Data Breaches Are Becoming More Common
Implementing strong data security in the cloud should be a priority for most organizations. However, many organizations have trouble with the basic concepts associated with cloud security. For example, 73% of cybersecurity professionals have trouble understanding the cloud shared responsibility model. This model outlines which security responsibilities lie with the cloud service provider (CSP) and which ones lie with the cloud customer.
This lack of understanding contributes to a growing number of cloud-based data breaches. According to Gartner, 99% of cloud data breaches through 2025 will be the customer’s fault. As long as customers lack the understanding of how to properly secure their cloud deployments, these data breaches are likely to continue.
Sharing Settings Expose Cloud Resources
With growing cloud adoption and a lack of understanding of how to secure the cloud, data breaches will become increasingly common. Exacerbating this issue, some of the common techniques used to remediate cloud data breaches are ineffective.
One of the most common causes of cloud-based data breaches is the use of cloud sharing features. Most CSPs provide a number of different sharing settings on their platforms. A customer can explicitly manage access to a cloud-based resource by inviting individual users by email. Alternatively, a cloud user can use the link-sharing option, which simplifies user management by granting access to anyone who holds the link.
It is the use of this second option that is the major cause of cloud-based data breaches. When cloud-based resources are shared via a URL, anyone with access to that URL can access the resources. This means that data can be exposed to unauthorized users if someone forwards an email containing the sharing link or if cybercriminals scan the public Internet for the URLs associated with cloud-based resources set to public. A cloud resource shared using links is accessible to anyone who knows where to look.
Hiding Cloud Resource Indices Is Not Enough
When a cloud-based data breach is discovered, one of the first steps that the owner takes is to limit access to the breached resources. However, the method taken to accomplish this determines whether or not the effort will be successful.
One approach that has proven to be ineffective is making the index of the cloud-based repository no longer publicly visible. This index provides a listing of the files contained within the repository and links to each of them. Some organizations, such as VPNmentor, simply make the index private when informed of a cloud-based data breach.
The problem with this approach to shutting down a cloud-based data breach is that it does not actually change the security of the individual files within the repository. The index file serves the same function as a book’s index, saying where to find a particular piece of information within the entire collection.
If you already know the page number where a particular term appears or the URL of a file within the exposed cloud-based repository, then it is still possible to access it without using the index. This is why it is essential, when informed of a cloud-based data breach or performing an assessment of an organization’s cloud attack surface, to ensure that all sensitive files are marked as private and accessible only to those explicitly invited by email.
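The link-sharing problem and the "hide the index" mistake can both be checked mechanically from a bucket's access policy. The following is an added example, not code from the article: it models, in a deliberately simplified way, how an S3-style bucket policy treats an unauthenticated caller (Principal `"*"` applies to anyone, an explicit Deny beats any Allow, Condition blocks are ignored) and classifies each bucket by whether anonymous users can list it and whether they can read an object inside it. The bucket names, account id and object key are constructed sample data; the second bucket reproduces exactly the situation described above, where listing is denied but every object is still readable by URL.

```python
"""Check whether hiding a bucket listing actually made its objects private.

Added example, not the article's code. The policy evaluator is a simplified
model of S3-style bucket policies: Principal "*" (or {"AWS": "*"}) means an
unauthenticated caller, an explicit Deny wins over any Allow, and Condition
blocks are ignored. All bucket names, the account id and the object key are
constructed sample data.
"""
import fnmatch

# Constructed policies. "acme-exports-hidden" is the index-hiding mistake:
# listing is denied, but objects stay readable by anyone who knows the URL.
SAMPLE_BUCKETS = {
    "acme-exports-public": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::acme-exports-public"},
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::acme-exports-public/*"},
    ]},
    "acme-exports-hidden": {"Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::acme-exports-hidden"},
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::acme-exports-hidden/*"},
    ]},
    "acme-exports-private": {"Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/Analyst"},
         "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": ["arn:aws:s3:::acme-exports-private",
                      "arn:aws:s3:::acme-exports-private/*"]},
    ]},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal):
    """True for Principal "*" or a {"AWS": "*"}-style wildcard."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def anonymous_allowed(policy, action, resource_arn):
    """Decide whether an unauthenticated caller may perform `action` on
    `resource_arn` under `policy` (simplified: Deny wins, no Conditions)."""
    allowed = False
    for stmt in policy.get("Statement", []):
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in resources):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny cannot be overridden by an Allow
        allowed = True
    return allowed


def audit_bucket(name, policy, sample_key):
    """Classify a bucket by what an anonymous caller can do with it."""
    can_list = anonymous_allowed(policy, "s3:ListBucket", f"arn:aws:s3:::{name}")
    can_read = anonymous_allowed(policy, "s3:GetObject",
                                 f"arn:aws:s3:::{name}/{sample_key}")
    if can_read:
        finding = "PUBLIC" if can_list else "HIDDEN_BUT_PUBLIC"
    else:
        finding = "LISTABLE" if can_list else "PRIVATE"
    return {"bucket": name, "anonymous_list": can_list,
            "anonymous_read": can_read, "finding": finding}


def audit_all(buckets, sample_key="customers/export.csv"):
    """Audit every bucket against a representative (constructed) object key."""
    return [audit_bucket(name, policy, sample_key) for name, policy in buckets.items()]


if __name__ == "__main__":
    for r in audit_all(SAMPLE_BUCKETS):
        print(f"{r['bucket']:24} list={r['anonymous_list']!s:5} "
              f"read={r['anonymous_read']!s:5} {r['finding']}")
```

The `HIDDEN_BUT_PUBLIC` result is the one to treat as a live exposure rather than a closed incident: the listing is gone, but any object whose path is already known (from a forwarded link, a cached index, or a scanner's wordlist) remains readable. A real audit would also have to account for bucket and object ACLs, account-level public-access settings and policy conditions, none of which this simplified evaluator models.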
Securing Cloud-Based Data
The cloud provides too many benefits for most organizations to ignore. Especially in a time when companies are increasingly supporting remote work, the appeal of infrastructure that is easily accessible from the public Internet and has high availability guarantees is too good to pass up. This means that learning to properly secure cloud-based deployments should become a priority for all organizations.
A first step in this process is gaining visibility into an organization’s complete cloud footprint. The ease of use of the cloud means that employees may have set up cloud-based databases containing company information without the oversight or approval of the IT department. These cloud-based resources are unlikely to be properly secured and potentially expose an organization’s sensitive data to unauthorized parties.
Once all cloud-based resources have been identified, it is necessary to ensure that all of them are properly secured. Many CSPs provide tools for identifying and remediating security flaws in their platforms, and a number of other third-party tools exist as well. Once an organization has identified and remediated any configuration issues, it is a good idea to consider whether additional security solutions, such as a web application firewall (WAF), may be needed to secure cloud-based resources.
Finally, organizations should design and implement a solution to provide protection against future data breaches. This includes monitoring of security settings for corporate cloud resources and implementing strong data access control and monitoring. By ensuring that the IT and security teams have full visibility into data use, an organization can dramatically decrease the probability of an accidental data breach involving misconfigured or unauthorized cloud-based resources.
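The monitoring step above can be automated as a detection over the storage provider's audit log. The following is an added example, not the article's code: it scans constructed JSON log lines whose field names loosely follow CloudTrail's S3 events (the exact layout of real records, in particular how ACL grants and policies are nested, is an assumption and differs), and raises an alert whenever a change grants access to a public ACL group, allows `Principal: "*"` in a bucket policy, or switches off part of a public-access block. Buckets that are meant to be public, such as a static website bucket, are listed in a sanctioned set so they do not page anyone.

```python
"""Alert on storage changes that widen public access.

Added example, not the article's code. The events are constructed JSON
lines shaped loosely like CloudTrail S3 events (eventName, requestParameters,
userIdentity.arn); real records nest ACL grants and policies differently, so
the accessor helpers must be adapted before use on a live trail. Bucket
names, the account id and timestamps are made up.
"""
import json

# ACL grantee URIs that mean "everyone" / "any AWS account".
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FIELDS = ("BlockPublicAcls", "IgnorePublicAcls",
              "BlockPublicPolicy", "RestrictPublicBuckets")
# Buckets that are intentionally public (constructed), e.g. a static website.
SANCTIONED_PUBLIC = {"acme-www-static"}

_ACCT = "arn:aws:iam::123456789012"  # constructed account
_SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T09:12:03Z", "eventName": "PutBucketAcl",
     "userIdentity": {"arn": f"{_ACCT}:user/alice"},
     "requestParameters": {"bucketName": "acme-hr-exports", "AccessControlPolicy": {
         "Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                     "Permission": "READ"}]}}},
    {"eventTime": "2024-05-01T09:15:44Z", "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": f"{_ACCT}:role/WebDeploy"},
     "requestParameters": {"bucketName": "acme-www-static", "bucketPolicy": {"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::acme-www-static/*"}]}}},
    {"eventTime": "2024-05-01T10:02:18Z", "eventName": "PutBucketPublicAccessBlock",
     "userIdentity": {"arn": f"{_ACCT}:user/bob"},
     "requestParameters": {"bucketName": "acme-finance-backups",
                           "PublicAccessBlockConfiguration": {
                               "BlockPublicAcls": False, "IgnorePublicAcls": True,
                               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}},
    {"eventTime": "2024-05-01T10:30:00Z", "eventName": "PutObject",
     "userIdentity": {"arn": f"{_ACCT}:user/alice"},
     "requestParameters": {"bucketName": "acme-hr-exports", "key": "payroll/2024-04.csv"}},
    {"eventTime": "2024-05-01T11:45:51Z", "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": f"{_ACCT}:user/alice"},
     "requestParameters": {"bucketName": "acme-hr-exports", "bucketPolicy": {"Statement": [
         {"Effect": "Allow", "Principal": {"AWS": f"{_ACCT}:role/Analyst"},
          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::acme-hr-exports/*"}]}}},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _SAMPLE_EVENTS)  # constructed log lines


def _public_grants(params):
    grants = params.get("AccessControlPolicy", {}).get("Grants", [])
    return [g for g in grants if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES]


def _policy_allows_everyone(params):
    for stmt in params.get("bucketPolicy", {}).get("Statement", []):
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            return True
    return False


def check_event(event):
    """Return an alert dict if `event` widens public access, else None."""
    name = event.get("eventName")
    params = event.get("requestParameters", {})
    bucket = params.get("bucketName")
    if bucket in SANCTIONED_PUBLIC:
        return None  # intentionally public; reviewed through a separate process
    reason = None
    if name in ("PutBucketAcl", "PutObjectAcl") and _public_grants(params):
        reason = f"{name} grants access to a public ACL group"
    elif name == "PutBucketPolicy" and _policy_allows_everyone(params):
        reason = "PutBucketPolicy allows Principal '*'"
    elif name == "PutBucketPublicAccessBlock":
        cfg = params.get("PublicAccessBlockConfiguration", {})
        disabled = [f for f in PAB_FIELDS if cfg.get(f) is False]
        if disabled:
            reason = "PutBucketPublicAccessBlock disables " + ", ".join(disabled)
    if reason is None:
        return None
    return {"time": event.get("eventTime"), "bucket": bucket,
            "actor": event.get("userIdentity", {}).get("arn"), "reason": reason}


def scan_log(text):
    """Run check_event over newline-delimited JSON events; return the alerts."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            alert = check_event(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['time']} {a['bucket']:22} {a['actor']}: {a['reason']}")
```

Run against the constructed log, this yields two alerts (the public ACL grant on the HR bucket and the partially disabled public-access block on the backups bucket) and stays quiet for the sanctioned website bucket, the ordinary object upload and the policy that grants access only to a named role. Pairing this event-driven check with a periodic audit of the resulting bucket state catches both the moment a resource is made public and any public resource the organization did not know it had.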