Cloud Leaks: The basics you need to know

by Sanjeev Kapoor 05 Oct 2020

In today’s data-driven economy, enterprises are increasingly concerned about protecting their data assets. To this end, they are investing in advanced security and data protection processes, which comprise both technical and organizational solutions. Nevertheless, most organizations remain vulnerable, as is evident from the proliferating number of security incidents such as data breaches, hacks, and attacks against IT systems. For example, in data breaches, adversarial parties break into IT systems and gain access to sensitive information. Hacks, on the other hand, enable unauthorized access to systems and databases based on mechanisms like ransomware and the establishment of botnets. As a prominent example, three years ago the large-scale WannaCry ransomware attack affected thousands of enterprises worldwide.
One of the most prominent types of security incidents is the so-called “leak”. Leaks involve the accidental physical exposure of sensitive data on the Internet. A main characteristic of leaks is that they are not caused by an external adversary. Rather, they are due to some action or inaction on the data. Most people are familiar with major data leaks that have happened during the last decade, such as the Cambridge Analytica data leak that provided access to the personal data of millions of Facebook users.

In recent years, several notorious data leaks have been associated with the expanded use of cloud computing. They are considered special cases of large-scale data leaks and are conveniently called cloud leaks.

 

Understanding Cloud Leaks

Over the last decade, the cloud has become the computer. Companies are increasingly abandoning on-premise deployments and moving to the cloud. In this way, they leverage the flexibility, cost-effectiveness, resilience, and scalability of cloud computing. However, cloud adoption comes with a downside: enterprises relinquish control of the security of their data assets to the cloud providers.
In several cases, cloud computing infrastructures are misconfigured, which provides opportunities for adversarial parties to gain access to precious data. On the other hand, the way cloud infrastructures are configured is beyond the control of the cloud customers. Moreover, the latter have very poor visibility into how their cloud infrastructures are configured and very limited opportunities for scrutinizing the respective security measures. This makes it very challenging to identify poor cloud configurations and to prevent cloud data breaches.
Cloud leaks are quite different from other types of security incidents, as they are not the result of an adversary’s actions. Rather, they are due to poor security implementations, including mistakes or negligence of IT employees. In several cases, misconfigured cloud instances go unnoticed by the cloud customers, especially when they are not exploited by adversarial parties. The speed of cloud adoption is usually to blame for this issue. As cloud deployments proliferate at an unprecedented pace, enterprises lack the resources needed to audit and safeguard the security of their cloud deployments.
During the last decade, many organizations of different sizes and industries have suffered from cloud leaks. For instance, back in April 2016, the National Electoral Institute of Mexico became the victim of a cloud leak that compromised nearly 93 million voter registration records. Likewise, most IT giants have reported some sort of cloud security incident that led to data exposure.

 

Commonly Leaked Information and Business Impact

The cloud leaks that receive attention are the ones that entail high-value data assets. This is the case with customer datasets such as credit card numbers, bank account numbers, medical records, and other forms of personally identifiable information (PII) like addresses, phone numbers, and social security numbers. The leak of such data can have significant consequences, including:

Overall, cloud data leaks can have a severe business impact on the enterprises that will be held liable for the leak. Enterprises must put in place mechanisms that diminish the probability of a catastrophic cloud leak.

 

Best Practices and Solution Guidelines

To minimize the probability of cloud leaks and to mitigate their impacts, enterprises should adhere to the following best practices:

 

Overall, there is no silver bullet for preventing cloud leaks. Organizations should combine the above-listed best practices to create a well-structured, responsible, automated, and regulatory-compliant environment for cloud security. Such an environment will minimize the chances of a cloud leak and the subsequent risks of brand damage and regulatory penalties.

2020 IT Exchange, Inc