Any organization transitioning to public cloud and using one or more cloud service providers (CSPs), such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), should shift toward a security model built on continuous control and enforcement of secure configuration of cloud services. This cannot be a one-time assessment: the software-defined nature of cloud means resources are created and changed constantly through APIs, so configuration must be monitored and enforced continuously.
Misconfiguring a cloud database, storage asset, or search engine can have massive consequences, especially when these services hold proprietary or customer data. In 2019, 540 million Facebook user records were exposed through a third-party app developer's misconfigured AWS S3 bucket. A MongoDB database left publicly accessible put Verifications.io in the news when it exposed 150 gigabytes of customer data. Elasticsearch misconfigurations, a more recent culprit, left companies including Rubrik, Voipo, Meditab, and Dow Jones with caches of customer information exposed on publicly reachable servers.
Some other notable data breaches and their causes include:
- MGM Resorts (misconfigured cloud server)
- CenturyLink (misconfigured MongoDB database)
- FedEx (unprotected cloud server)
- Verizon (open S3 bucket)
- Adidas (undisclosed cause)
- National Credit Federation (open S3 bucket)
- Macy’s (undisclosed cause)
- GoDaddy (open S3 bucket)
According to our in-depth cloud misconfigurations research, more than 33 billion records were exposed in data breaches attributable to misconfigurations in 2018 and 2019. The cost? If we use Ponemon Institute’s estimate of $150 as the average cost per lost record and multiply it by the number of records exposed, misconfigurations cost companies worldwide nearly $5 trillion in this two-year timespan. But the full cost of a data breach that makes headlines cannot solely be expressed in terms of money. Once a company suffers a newsworthy data breach, their reputation is at stake. While a damaged reputation can be repaired, it requires significant work, which is sometimes too much for a company under financial pressure and regulatory scrutiny to handle.
So far in 2020, the data breach picture is mixed. According to research by Risk Based Security, there were 2,037 publicly reported breaches in the first half of 2020, a 52 percent decrease from H1 2019. Yet those breaches exposed over 27 billion records, more than four times any previously reported period and more than 12 billion records beyond the total exposed during all of 2019. Fewer incidents are being reported, but each one is exposing far more data.
Who’s to Blame?
While many of the aforementioned data breaches involve specific CSP services, the responsibility for securing these components rests with the CSP customer. Under every major provider's shared responsibility model, the CSP secures the underlying infrastructure, but the customer decides how each service is configured: who can reach a bucket, what an IAM role is allowed to do, and whether logging is turned on.
“Through 2022, at least 95% of cloud security failures will be the customer’s fault.” – Gartner
Without a holistic approach to security, companies open themselves up to undue risk mostly caused by:
- More users, many of whom are inexperienced
- Failure to shift from outdated security models
- A lack of unified cloud visibility
- Unprecedented rate of change, scale, and scope
Cloud breaches are most commonly caused by misconfigurations, so organizations must implement controls that prevent these errors or detect and remediate them before they become a breach. Capital One's 2019 breach is the cautionary example. A web application firewall running on an EC2 instance was misconfigured in a way that allowed server-side request forgery, and a former AWS employee used it to query the instance metadata service and retrieve the temporary credentials of the IAM role attached to that instance. Because the role held far broader S3 permissions than the firewall needed, those credentials were enough to list and copy the contents of buckets holding data on more than 100 million customers. Two weaknesses combined: a firewall vulnerable to SSRF, and a role granted far more S3 access than it needed. A continuous least-privilege check on the role alone would have flagged the second.
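As an added example (not DivvyCloud code), here are two static checks of the kind a polling-based scanner would run on every cycle: one flags bucket policies that grant access to an anonymous principal (the "open S3 bucket" pattern behind several of the breaches listed above), the other flags identity policies that grant sensitive S3 actions on every bucket in the account (the over-permissive role in the Capital One breach). The policy documents are constructed for illustration; a real scanner would pull them with boto3 calls such as `get_bucket_policy` and `get_role_policy`. IAM wildcard matching is approximated with `fnmatch`, and `NotAction`/`NotResource` statements are not handled.

```python
"""Two configuration checks of the kind a polling-based cloud scanner runs.

Added example, not DivvyCloud code. The policy documents are constructed;
a real scanner would fetch them each cycle (boto3 s3.get_bucket_policy,
iam.get_role_policy). Simplifications: IAM wildcards are approximated with
fnmatch, and NotAction / NotResource statements are ignored.
"""
import fnmatch
import json

# If a Resource pattern matches this stand-in ARN, it matches any object in
# any bucket of the account, which is what "read every bucket" means.
PROBE_OBJECT_ARN = "arn:aws:s3:::probe-bucket/probe-key"
SENSITIVE_S3_ACTIONS = ("s3:GetObject", "s3:ListBucket")


def _as_list(value):
    """IAM JSON allows a string or a list for Action, Resource, Principal.AWS."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """Both "Principal": "*" and {"AWS": "*"} grant anonymous access."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def public_statements(bucket_policy):
    """Sids of Allow statements open to everyone. Statements with a Condition
    are still reported: it may narrow access, but that needs human review."""
    found = []
    for i, stmt in enumerate(_as_list(bucket_policy.get("Statement"))):
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            found.append(stmt.get("Sid", f"statement[{i}]"))
    return found


def overbroad_s3_statements(identity_policy, sensitive=SENSITIVE_S3_ACTIONS):
    """(sid, action_pattern, resource_pattern) for Allow statements granting a
    sensitive S3 action on every bucket, e.g. "s3:*" on "*"."""
    found = []
    for i, stmt in enumerate(_as_list(identity_policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        broad = [r for r in _as_list(stmt.get("Resource"))
                 if fnmatch.fnmatchcase(PROBE_OBJECT_ARN, r)]
        if not broad:
            continue  # scoped to named buckets or prefixes
        for pattern in _as_list(stmt.get("Action")):
            if any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in sensitive):
                found.append((stmt.get("Sid", f"statement[{i}]"), pattern, broad[0]))
    return found


def scan(bucket_policies, role_policies):
    """Run both checks; returns {resource name: [finding, ...]} for offenders."""
    findings = {}
    for name, pol in bucket_policies.items():
        if sids := public_statements(pol):
            findings[name] = [f"anonymous principal in {sid}" for sid in sids]
    for name, pol in role_policies.items():
        if hits := overbroad_s3_statements(pol):
            findings[name] = [f"{sid}: {act} on {res}" for sid, act, res in hits]
    return findings


# --- constructed sample policies (JSON strings, as the AWS API returns them) --

PUBLIC_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]}""")

PRIVATE_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "AppReadOnly", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-reader"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]}""")

# Weak: the firewall's role may do anything in S3 across every bucket.
OVERBROAD_ROLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllBuckets", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
  {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}""")

# Hardened: the same role limited to the one bucket and prefix it actually uses.
LEAST_PRIVILEGE_ROLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "WriteOwnLogs", "Effect": "Allow", "Action": ["s3:PutObject"],
   "Resource": "arn:aws:s3:::waf-logs/prod/*"},
  {"Sid": "ReadOwnLogs", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::waf-logs", "arn:aws:s3:::waf-logs/prod/*"]}]}""")


if __name__ == "__main__":
    report = scan(
        {"customer-exports (public)": PUBLIC_BUCKET_POLICY,
         "customer-exports (private)": PRIVATE_BUCKET_POLICY},
        {"waf-role (overbroad)": OVERBROAD_ROLE_POLICY,
         "waf-role (least privilege)": LEAST_PRIVILEGE_ROLE_POLICY})
    for name, issues in report.items():
        print(name, "->", "; ".join(issues))
```

Running the script reports only the public bucket policy and the over-broad role; the private bucket and the least-privilege role produce no findings. The resource test uses a probe ARN rather than a literal comparison with `"*"` so that patterns such as `arn:aws:s3:::*` are caught as well, and the Deny statement in the weak policy is skipped deliberately: a Deny can only narrow access, so it never creates a least-privilege finding on its own.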
How Does DivvyCloud Help?
Used by leading cloud adopters like Discovery, 3M, Twilio, Kroger, Fannie Mae, Spotify, and Autodesk, DivvyCloud is an automated platform that identifies, analyzes, and remediates cloud vulnerabilities using customer-defined rules and actions. DivvyCloud is designed to enable organizations to securely embrace public cloud and containers, giving developers the freedom to innovate without exposing the business to risk. This enables DivvyCloud customers to achieve continuous security, compliance, and governance, and fully realize the benefits of cloud and container technology with freedom and control.
Ease of Use, Peace of Mind
Core to DivvyCloud’s platform is an easy-to-use interface from which customers can leverage more than 400 out-of-the-box Insights or create their own to manage the individualized needs of their unique cloud environments. At scale, policy enforcement cannot and should not be performed manually. Our customers have peace of mind because DivvyCloud can discover and automatically take action to address security issues, making it easy to manage even large and complex cloud environments. Our strategic approach to automation allows for simultaneous offense and defense, allowing our customers to increase innovation and reduce risk.
Many solutions focus on one layer of security, whether network/firewall-based, IAM policy lockdown, or account governance. DivvyCloud knows that true cloud security involves many layers. To that end, DivvyCloud policies address the key weak points in multi-vector attacks, allowing for real-time detection and automated remediation of vulnerabilities.
- Ensures account-level controls, logging, auditing, and monitoring
- Executes automatic changes in real time to remediate vulnerabilities
- Uses an API-driven, polling-based approach to discover resources and monitor configurations relative to policies
- Provides full visibility into IAM roles and policies across all CSPs, focusing on least privileged access