So far in 2019, we are averaging more than two major Elasticsearch misconfigurations a month. That’s pretty impressive considering that these servers are publicly exposed, potentially releasing millions of customers’ personal data, all due to a lack of password protection. The same failure was behind the recent data breach at Freedom Mobile, Canada’s fourth-largest cell network. Luckily for Freedom Mobile, security researchers discovered their exposed Elasticsearch server.
As reported by Information Security Buzz, “The data was exposed without a password and includes full credit card numbers, expiration dates and verification numbers stored in plaintext as well as customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types and account numbers. None of the data was encrypted.”
DivvyCloud CTO Chris DeRamus spoke with Information Security Buzz about this latest misconfiguration:
Companies should always be thankful when ethical security researchers discover their misconfigured servers instead of malicious hackers. However, suffering a leak of data for 15,000 customers will definitely tarnish the company’s brand reputation and customer trust. Leaving a database unsecured without a password is bad enough, but not even knowing about the vulnerability adds insult to injury. All companies must have security tools and processes in place to proactively avoid data leaks.
Customers deserve to have their data protected with the proper security controls. Organizations must focus on internal operations as databases, storage containers, search engines and other cloud data repositories are often misconfigured. Misconfigurations can be the result of a developer simply not knowing how to properly secure the cloud service. Or a developer may even tweak a server configuration as part of troubleshooting and forget to secure it again once they are done with their project, leaving it publicly accessible. Organizations lacking proper processes and tools to identify and remediate insecure software configurations and deployments are just waiting for a data breach.
That is why companies must invest in cloud operations (CloudOps), which is the combination of people, processes and tools that allow organizations to consistently manage and govern cloud services at scale. Key to this is hiring and developing the right people, identifying processes that address the unique operational challenges of cloud services and the automation of these processes with the correct tools. Automated cloud security solutions grant enterprises the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or they can even trigger automated remediation in real-time.
DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources, allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.