Cloud Leaks: The basics you need to know
In today’s data-driven economy enterprises are increasingly concerned about protecting their data assets. To this end, they are investing in advanced security and data protection processes, which comprise both technical and organizational solutions. Nevertheless, most organizations remain vulnerable as evident in the proliferating number of security incidents such as data breaches, hacks, and attacks against IT systems. For example, in the scope of data breaches, adversarial parties break into IT systems and gain access to sensitive information. On the other hand, hacks enable unauthorized access to systems and databases based on mechanisms like ransomware and the establishment of botnets. As a prominent example, three years ago, the WannaCry large-scale, ransomware attack, affected thousands of enterprises worldwide.
One of the most prominent types of security incidents is the so-called “leaks”. The latter involves accidental physical exposure of sensitive data on the Internet. A main characteristic of leaks is that they are not caused by an external adversary. Rather they are due to some action or inaction on the data. Most people are familiar with major data leaks that have happened during the last decade, such as the Cambridge Analytica data leak that provided access to the personal data of millions of Facebook users.
In recent years, several notorious data leaks are associated with the expanded use of cloud computing. They are considered as special cases of large-scale data leaks and are conveniently called cloud leaks.
During the last decade, the cloud is the computer. Companies are increasingly abandoning on-premise deployments towards moving to the cloud. In this way, they leverage the flexibility, cost-effectiveness, resilience, and scalability of cloud computing. However, cloud adoption comes with a downside: enterprises relinquish control of the security of their data asset to the cloud providers.
In several cases, cloud computing infrastructures are misconfigured, which provides opportunities for adversarial parties to gain access to precious data. On the other hand, the way cloud infrastructures are configured is beyond the control of the cloud customers. Moreover, the latter has very poor visibility on how their cloud infrastructures are configured and very limited opportunities for scrutinizing the respective security measures. This makes it very challenging to identify poor cloud configurations and to prevent cloud data breaches.
Cloud leaks are quite different from other types of security incidents, as they are not the result of an adversary’s actions. Rather they are due to poor security implementations, including mistakes or negligence of IT employees. In several cases, misconfigured cloud instances go unnoticed by the cloud customers, especially when they are not exploited by some adversarial parties. The speed of cloud adoption is usually to blame for this issue. As cloud deployments proliferate at an unprecedented pace, enterprises lack the resources needed to audit and safeguard the security of their cloud deployments.
During the last decade, many organizations have suffered from cloud leaks, including organizations of different sizes and industries. For instance, back in April 2016, the National Electoral Institute of Mexico become the victim of a cloud leak that compromised nearly 93 million voter registration records. Likewise, most IT giants have reported some sort of cloud security incident that led to data exposure.
The cloud leaks that receive attention are the ones that entail high-value data assets. This is the case with customer datasets such as credit card numbers, bank account numbers, medical records, and other forms of personally identifiable information (PII) like addresses, phone numbers, and social security numbers. The leak of such data can have significant consequences, including:
Overall, cloud data leaks can have a severe business impact on the enterprises that will be held liable for the leak. Enterprises must put in place mechanisms that diminish the probability of a catastrophic cloud leak.
To minimize the probability of cloud leaks and to mitigate their impacts, enterprises should adhere to the following best practices:
Overall, there is no silver bullet for preventing cloud leaks. Organizations should combine the above-listed best practices towards creating a well-structured, responsible, automated, and regulatory compliant environment for cloud security. The latter will minimize the chances of a cloud leak and of the subsequent risks of brand damage and regulatory penalties.
Six Ingredients of Data Management Intelligence
Top Strategic Priorities for CIOs in 2021
Positioning Your IT for Success in 2021
Customer Centric Processes: From CRM to Customer Data Platforms
Robotic Process Automation: A Driver for Cost-Efficient Enterprises Processes
Seven Ways COVID19 has Changed the CIO Role
AIOps: Empowering Automated and Intelligent Cloud Operations
Shaping the Future of Enterprise Content Management with Artificial Intelligence
An Introduction to Continuous Integration and Workflows
Anti-Money Laundering in the Era of Digital Finance
We're here to help!
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
If you are a Service Provider looking to register, please fill out
this Information Request and someone will get in
Enter your email id and we'll send a link to reset your password to the address
we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is
no cost to get on-board;
if you are competent in your areas of focus, then you are welcome. As a part of this exclusive