What are Cloud Security Breaches?
The COVID-19 pandemic had a profound impact on the economy, social life, and the way we work. With so many employees working from home, the crisis forced organizations to put a bigger focus on cloud security solutions, to mitigate mounting cloud security threats.
Some of the most damaging security breaches of recent years resulted from inadequate cloud security, and the trend will continue as long as companies do not improve their defenses. Gartner's updated cloud security assessment concludes that through 2025, 99% of cloud security failures will be the customer's fault, not the cloud provider's.
Cloud Data Breach Stats
According to a survey by Ermetic, nearly 80% of businesses have experienced at least one cloud data breach in the last 18 months, while 43% of businesses report more than 10 breaches.
According to the 300 CISOs surveyed, the three biggest causes of breaches were:
- Security configuration errors (67%)
- Lack of adequate visibility into access settings and activities (64%)
- Identity and access management (IAM) and permission errors (61%)
Additional findings from the report:
- Top priorities for cloud security are compliance monitoring (78%), authorization management (75%), and security configuration management (73%).
- Top priorities for cloud access are maintaining confidentiality of sensitive data (67%), compliance (61%) and providing the right level of access (53%).
Major Cloud Security Breaches
Below are stories of some of the biggest data breaches in recent years that were a result of inadequate cloud security.
Capital One, the 10th largest bank in the USA, was running the affected systems on Amazon Web Services (AWS) at the time. The following sequence of events led to the breach:
- A web application firewall (WAF) running on an EC2 instance was misconfigured.
- The attacker used the misconfigured WAF to relay requests to the EC2 instance metadata service (a server-side request forgery), which handed back temporary AWS credentials for the IAM role attached to the WAF instance.
- The attacker used those credentials to list and copy data from Amazon S3 storage.
- The attacker exfiltrated roughly 700 S3 buckets and folders containing customer information.
The attacker was familiar with AWS commands and tooling, so was able to move quickly once the credentials were in hand. Two design weaknesses turned one misconfiguration into a full breach: the role attached to the WAF was allowed to list and read far more S3 data than a firewall needs, and the metadata service (IMDSv1) returned credentials to any request that reached it. The attack did not trigger alerts, because the volume of data transferred outside the Capital One network was in line with the regular daily load of network traffic; volume-based monitoring on its own is not a reliable exfiltration signal.
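The root cause above, a server-side component that can be made to fetch attacker-chosen URLs and so reach the instance metadata service, is preventable at the fetch layer. The following is an added example written for this article, not code from Capital One or AWS: it validates a URL before a server fetches it on a client's behalf, resolves hostnames, and rejects any destination that is not globally routable, which covers 169.254.169.254 and its IPv6 and IPv4-mapped forms. The hostnames, addresses and the `FAKE_DNS` table are constructed so the check runs offline.

```python
"""Added example (not Capital One's or AWS's code): refuse to fetch URLs that
would reach the instance metadata service or anything else inside the network.
"""
import ipaddress
import socket
from urllib.parse import urlparse


def resolve_all(host):
    """Resolve a hostname to every address it maps to (this one really hits DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_target(url, resolve=resolve_all):
    """Return (ok, reason) for a URL a server is asked to fetch on a client's behalf.

    ok is False when any address behind the URL is not globally routable. That
    covers the EC2 metadata endpoint 169.254.169.254 (and fd00:ec2::254),
    loopback, and RFC 1918 space inside the VPC.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parsed.scheme
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        addrs = {host}                      # literal IP: nothing to resolve
    except ValueError:
        # A hostname must be resolved first: a DNS name the attacker controls
        # can point at 169.254.169.254 just as well as the literal address.
        try:
            addrs = resolve(host)
        except (socket.gaierror, KeyError) as exc:
            return False, "could not resolve %s: %s" % (host, exc)
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # ::ffff:169.254.169.254 is the metadata address in IPv4-mapped form.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, "ok"


# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "api.partner.example": {"93.184.216.34"},
    # Attacker-controlled name whose second answer is the metadata endpoint.
    "rebind.attacker.example": {"93.184.216.34", "169.254.169.254"},
}


def fake_resolve(host):
    return FAKE_DNS[host]


if __name__ == "__main__":
    for url in ("https://api.partner.example/v1/report",
                "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
                "http://rebind.attacker.example/",
                "http://[::ffff:169.254.169.254]/"):
        print(url, "->", is_safe_target(url, fake_resolve))
```

Two caveats for production use: re-run the check on every HTTP redirect, since a public host can redirect to the metadata address, and if internal services must be reachable, allow them by an explicit allowlist rather than by loosening the range check. On AWS, requiring IMDSv2 on the instance (credentials only with a session token obtained via a PUT request) closes the same hole from the other side.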
State Farm is a group of American insurance and financial services companies. Its breach was the result of credential stuffing: the attacker took username and password pairs leaked in unrelated breaches and replayed them against a State Farm online service, relying on customers who reuse passwords across sites. Every pair that still matched gave the attacker access to the corresponding account.
State Farm has repeatedly told customers that the unauthorized access did not result in fraud or disclosure of personally identifiable information (PII), but this claim could not be externally verified.
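Credential stuffing has a recognizable shape in authentication logs: one source tries many different usernames in a short window with a very low success rate, whereas a legitimate shared office address shows many users and a high success rate. The detector below is an added example, not State Farm's logic; it runs over constructed log lines in a simple key=value format and reports each flagged source together with every account it nevertheless got into, which is the list that needs a forced password reset.

```python
"""Added example (not State Farm's detection logic): spot credential stuffing
in authentication logs by looking for one source trying many accounts with a
low success rate, and list the accounts it nevertheless got into.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login records; not real logs. 192.0.2.10 is a user who mistyped
# once, 192.0.2.50 is a shared office address (many users, almost all succeed),
# 198.51.100.23 is the attacker replaying leaked credentials.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z ip=192.0.2.10 user=alice result=FAIL
2024-03-01T10:00:09Z ip=192.0.2.10 user=alice result=OK
2024-03-01T10:01:00Z ip=192.0.2.11 user=bob result=OK
2024-03-01T10:02:00Z ip=192.0.2.50 user=carol result=OK
2024-03-01T10:02:05Z ip=192.0.2.50 user=erin result=OK
2024-03-01T10:02:10Z ip=192.0.2.50 user=frank result=OK
2024-03-01T10:02:15Z ip=192.0.2.50 user=grace result=OK
2024-03-01T10:02:20Z ip=192.0.2.50 user=heidi result=OK
2024-03-01T10:02:25Z ip=192.0.2.50 user=ivan result=FAIL
2024-03-01T10:03:00Z ip=198.51.100.23 user=alice result=FAIL
2024-03-01T10:03:01Z ip=198.51.100.23 user=bob result=FAIL
2024-03-01T10:03:02Z ip=198.51.100.23 user=carol result=FAIL
2024-03-01T10:03:03Z ip=198.51.100.23 user=dave result=OK
2024-03-01T10:03:04Z ip=198.51.100.23 user=erin result=FAIL
2024-03-01T10:03:05Z ip=198.51.100.23 user=frank result=FAIL
2024-03-01T10:03:06Z ip=198.51.100.23 user=grace result=FAIL
2024-03-01T10:03:07Z ip=198.51.100.23 user=heidi result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_events(text):
    """Turn log text into (timestamp, ip, user, success) tuples, skipping junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=10),
                               min_users=5, max_success_rate=0.2):
    """Flag source IPs that try at least min_users distinct accounts within
    `window` with a success rate at or below max_success_rate.

    Returns {ip: {"attempts", "distinct_users", "compromised"}}, where
    "compromised" lists accounts the flagged source logged into successfully.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        flagged = False
        for end, ev in enumerate(evs):
            # Slide the window so it spans at most `window` of time.
            while ev[0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            rate = sum(1 for e in win if e[3]) / len(win)
            if len(users) >= min_users and rate <= max_success_rate:
                flagged = True
                break
        if flagged:
            findings[ip] = {
                "attempts": len(evs),
                "distinct_users": len({e[2] for e in evs}),
                "compromised": sorted({e[2] for e in evs if e[3]}),
            }
    return findings


def analyze(text):
    return detect_credential_stuffing(parse_events(text))


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print("credential stuffing from %s: %d attempts on %d accounts; force reset for %s"
              % (ip, info["attempts"], info["distinct_users"], ", ".join(info["compromised"])))
```

The success-rate dimension is what keeps the office NAT address out of the findings; a detector that only counts distinct usernames per source would page on every shared egress IP. In practice the attacker spreads attempts across many IPs, so the same logic should also be keyed on device fingerprint or on the username list itself, and the accounts it reports should get an MFA challenge and a reset rather than a silent lockout.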
Container users were hit hard by the compromise of Docker Hub, the most widely used container image registry, in which about 190,000 accounts were exposed. Docker said that there had been unauthorized access to a single Docker Hub database storing non-financial user data, and that the company had taken steps to remove the threat and secure Docker Hub.
The breach affected roughly 5% of Docker Hub users, but the data accessed included GitHub and Bitbucket access tokens used by Docker Hub's automated build feature. Whoever holds such a token can act on the linked source repository without further authentication, which could be used to inject malicious code into the images built from it and into the production pipelines that consume them, as well as to read proprietary source code. Docker revoked the exposed tokens and asked affected users to reconnect their repositories.
Autoclerk, a hotel reservation management system, hosted an unsecured Elasticsearch database on AWS that exposed hundreds of thousands of booking records to anyone on the internet. The system is widely used for travel by US government and military personnel, so the exposed data revealed sensitive details of military travel, including that of senior officials and deployed troops.
Elasticsearch is commonly used for log analytics and other big-data workloads, and a cluster reachable without authentication gives up its entire contents through a plain HTTP API, with no exploit required. The practical problem is that it is easy to deploy insecurely: until versions 6.8 and 7.1, authentication and TLS required a paid license, so many self-managed clusters ran with neither, and a node whose `network.host` is bound to a public interface accepts unauthenticated reads and writes from the whole internet. Even where the security features are available, they are easy to misconfigure, so exposure checks have to be part of routine configuration auditing.
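As an added example (not Autoclerk's configuration or an Elastic tool), the check below reads an elasticsearch.yml fragment and flags the combination behind this class of exposure: a node bound to a non-loopback interface with security disabled, or with authentication but no TLS. Both configuration fragments are constructed, and the defaults assumed are those of 7.x and earlier, where `xpack.security.enabled` is false unless set and `network.host` defaults to loopback.

```python
"""Added example (not Autoclerk's configuration or an Elastic tool): flag an
elasticsearch.yml that exposes the HTTP API without authentication or TLS.
Defaults assumed are those of 7.x and earlier, where xpack.security.enabled
is false unless set and network.host defaults to loopback.
"""
import ipaddress

# Constructed: the shape of config behind an internet-exposed cluster.
WEAK_CONFIG = """\
cluster.name: bookings
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
"""

# Constructed: same cluster, bound to a private interface with auth and TLS.
HARDENED_CONFIG = """\
cluster.name: bookings
network.host: 10.20.0.15
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
"""


def parse_flat_yaml(text):
    """elasticsearch.yml is flat 'dotted.key: value' lines; parse just that."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip().strip("'\"")
    return cfg


def binds_beyond_loopback(value):
    """True if a network.host value makes the node listen on a non-loopback address."""
    for token in value.strip("[]").split(","):
        token = token.strip().strip("'\"")
        if not token or token in ("_local_", "localhost"):
            continue
        if token.startswith("_") and token.endswith("_"):
            return True              # _site_, _global_, _eth0_ ... all reach the network
        try:
            if ipaddress.ip_address(token).is_loopback:
                continue
        except ValueError:
            pass                     # a hostname: assume it maps to a real interface
        return True
    return False


def audit_elasticsearch(config_text):
    """Return a list of findings for one elasticsearch.yml; empty means clean."""
    cfg = parse_flat_yaml(config_text)
    host = cfg.get("network.host", "_local_")
    exposed = binds_beyond_loopback(host)
    auth = cfg.get("xpack.security.enabled", "false").lower() == "true"
    tls = cfg.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if exposed and not auth:
        findings.append("HTTP API on network.host=%s with xpack.security.enabled unset/false: "
                        "anyone who can reach port %s can read and write every index"
                        % (host, cfg.get("http.port", "9200")))
    if exposed and auth and not tls:
        findings.append("authentication enabled but HTTP TLS is off: credentials and data "
                        "cross the network in clear")
    bound = {t.strip().strip("'\"") for t in host.strip("[]").split(",")}
    if bound & {"0.0.0.0", "::", "_global_"}:
        findings.append("network.host=%s binds every interface including public ones; "
                        "bind a private address and restrict with a security group" % host)
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_elasticsearch(cfg) or ["clean"])
```

A static check like this belongs in the deployment pipeline, but it does not replace a network-side test: a cluster bound to a private address is still exposed if its security group allows 0.0.0.0/0 on port 9200, so the same audit should look at the firewall rules in front of the node.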
Cloud Security Best Practices
What can your organization do to improve cloud security? Here are a few tried and tested best practices.
Preventing Privileged Account Compromise with IAM
Identity and Access Management (IAM) solutions can prevent abuse of privileged user accounts, by providing advanced management of user roles and privileges. With an IAM solution, you can define exactly who uses cloud resources, when, and how. You can monitor behavior, trigger pre-configured responses to unusual activity, and set alerts to prevent abuse.
Basic features of any IAM system include multi-factor authentication (MFA, often called two-factor authentication or 2FA) and single sign-on (SSO), usually implemented with Security Assertion Markup Language (SAML) or OpenID Connect. MFA blunts credential stuffing and phishing, because a stolen password alone no longer opens the account, and SSO centralizes authentication so that access can be revoked in one place when a user leaves or a credential is exposed. Both help prevent takeover of key user accounts.
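The Capital One breach above turned on a role that could read far more than it needed, and the most basic IAM control after MFA is keeping every policy scoped. The linter below is an added example, not an AWS, NetApp or Capital One tool; it walks a constructed IAM policy document and reports wildcard actions, `Resource: "*"` on data and identity services, NotAction grants, and `iam:PassRole` on any role, with a scoped policy alongside for contrast. The bucket name, log group and account number 123456789012 are placeholders.

```python
"""Added example (not an AWS, NetApp or Capital One tool): a small linter for
IAM policy documents that reports the grants least privilege forbids.
Bucket name, log group and the account number 123456789012 are placeholders.
"""
import json

# Constructed: the shape of a role that lets a WAF instance read every bucket.
OVERLY_BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}
  ]
}""")

# Constructed: the same role scoped to what the WAF actually needs.
SCOPED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-waf-rulesets/*"},
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/waf/*"}
  ]
}""")

# Services where Resource "*" means "every bucket, table, secret or identity".
SENSITIVE_SERVICES = {"s3", "dynamodb", "rds", "secretsmanager", "ssm", "kms", "iam", "sts"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return findings (strings) for an IAM policy document; empty means clean."""
    findings = []
    for idx, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue                      # Deny statements only narrow access
        where = "statement %d" % idx
        if "NotAction" in st or "NotResource" in st:
            findings.append("%s: NotAction/NotResource allows everything not listed" % where)
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append("%s: wildcard action %s" % (where, action))
        if "*" in resources:
            services = sorted({a.split(":")[0] for a in actions
                               if a == "*" or a.split(":")[0] in SENSITIVE_SERVICES})
            if services:
                findings.append('%s: Resource "*" for %s; scope to specific ARNs'
                                % (where, ", ".join(services)))
            if "iam:PassRole" in actions:
                findings.append("%s: iam:PassRole on any role lets the holder attach a "
                                "more privileged role to a resource it controls" % where)
    return findings


if __name__ == "__main__":
    for name, policy in (("overly broad", OVERLY_BROAD), ("scoped", SCOPED)):
        print(name, "->", lint_policy(policy) or ["clean"])
```

Run against every role policy in an account, this kind of check finds the roles that would make a single SSRF or leaked credential catastrophic. It is deliberately strict about `Resource: "*"` on data services; read-only wildcards such as `s3:ListAllMyBuckets` are sometimes legitimate, and the right response is an explicit exception list, not loosening the rule.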
Prevent Data Loss by Setting Up Backup and Recovery Solutions
In the cloud, because systems are deeply interconnected, a compromised account can quickly escalate privileges and cause catastrophic damage, including deletion of production data. You can limit data loss by configuring the following:
- Backup: backup and archive solutions create redundant copies of data on separate storage systems. Keep backups in a different cloud account, in a different availability zone, preferably on a different cloud or even on-premises, and under credentials the production environment does not hold, so that an attacker who controls production cannot also delete the backups; where the storage supports it, use immutable or object-lock retention.
- Recovery: ensure you have a reliable, regularly tested process for restoring lost data, including frequent automatic backups, automated disaster recovery, and tight control over who can trigger or modify backup jobs.
Audit and Optimize Configurations
After configuring your application and infrastructure, you might rest assured that it is configured correctly. That is a mistake. First, there may be a configuration error you have not noticed. Second, configuration drifts as the application or environment is updated and workflows change, so a setup that was correct at deployment may not be correct a month later.
All major cloud providers offer configuration analysis or scanning services. There are also third-party Cloud Security Posture Management (CSPM) tools that continuously compare resources against a policy baseline and flag misconfigurations such as public storage buckets, overly permissive IAM roles, or databases reachable from the internet.
To learn more, see our in-depth guide to cloud security best practices.
Cloud Security Breach Prevention with NetApp Cloud Insights
NetApp Cloud Insights is an infrastructure monitoring tool that gives you visibility into your complete infrastructure. With Cloud Insights, you can monitor, troubleshoot and optimize all your resources, including public clouds and private data centers.
Cloud Insights helps you find problems fast, before they impact your business: optimize usage so you can defer spend and do more with limited budgets, detect ransomware attacks before it is too late, and easily report on data access for security compliance auditing.
In particular, NetApp Cloud Insights protects organizational data from being misused by malicious or compromised users, through advanced machine learning and anomaly detection.
This article was originally published on NetApp.