While attacks — both internal and external — are a common cause of data breaches, another cause is much more mundane. Often, cloud services are misconfigured and unintentionally expose data to the open internet.
Despite the fact that a misconfigured Amazon Web Services bucket may not be malicious, it can be just as damaging. According to Ponemon’s Cost of a Data Breach report, cloud leaks are a leading cause of data breaches and are just as common as malicious attacks.
What is a cloud leak?
A cloud leak occurs when sensitive data, stored in a private cloud, is accidentally exposed to the open internet.
The cloud (as you probably know, if you’re reading this) is, unlike a traditional physical server, a part of the Internet. Cloud storage, however, is private. It’s a fenced-off part of the Internet where organizations can store information without having to encrypt it. Unfortunately, as with a fenced yard, the gate can sometimes be left open by a careless employee or vendor, and that’s when cloud leaks happen.
Cloud leaks can take several forms, for example, cloud storage platforms often allow enterprises the option of opening their cloud up to the public Internet rather than simply keeping the cloud private. When such settings are changed accidentally, private data becomes publicly available. Another possibility is that a vulnerable server is set up in the cloud.
Because the consequences of a cloud leak can be so severe, cloud security is critical.
What is cloud security?
Cloud security is the set of policies, technologies, applications, and controls that protect data, applications, services, and the cloud’s own infrastructure. Gartner defines five cloud security archetypes:
- Cloud Access Security Broker (CASB): Security policy enforcement points, placed between consumers (either on-premise or in the cloud) and cloud service providers. CASBs include technologies like single sign-on, alerts, and malware detection.
- Cloud Workload Protection Platform (CWPP): CWPPs protect a workplace’s applications and work processes in the cloud. These include technologies and functionalities like application allowlists, vulnerability management, and security control management.
- Cloud Security Posture Management (CSPM): Solutions that continuously manage cloud security risk by detecting, logging, and reporting issues. These solutions include security settings and other issues related to governance, and compliance.
- Cloud Infrastructure Entitlement Management (CIEM): Solutions that focus on cloud Identity and Access Management (IAM).
- Cloud-Native Application Protection Platform (CNAPP): CNAPPs protect and monitor data and applications in the cloud, including technologies, like containers, virtual machines, and serverless functions.
Things to know about cloud security
- Cloud leaks are expensive: Unintentional breaches will cost you; Ponemon found that breaches caused by cloud misconfigurations cost more than the average breach by between half a million dollars and $4.41 million. Considering that the average cost of a data breach is $3.86 million, that means a misconfigured cloud can more than double the cost of a breach.
- Cloud leaks are on the rise: As more and more businesses rely on cloud services for a variety of business and development activities and processes, the number of non-criminal breaches, like cloud leaks, have been rising. NetDiligence found that claims for staff mistakes have been increasing over the past few years. In fact, misconfigured cloud storage and open security groups were responsible for more than 200 breaches that exposed 30 billion records over the past two years, according to a 2020 report from Accurics.
- Many cloud deployments have security problems: Part of the reason cloud leaks are so common is simple: there are a lot of misconfigured cloud services. According to Accurics, misconfigured cloud storage services are common in 93% of cloud deployments, and 91% of cloud deployments often have at least one open security group.
- Cloud security issues are a people problem: Most cloud providers, like Amazon Web Services, configure their clouds privately by default. That means that when a bucket is left open, an employee has changed the default settings.
- APIs can be a weak point: Weak software interfaces mean bad actors might be able to get into your cloud. Talk to your cloud providers about the strength of their API.
- You share security responsibilities with your cloud provider: When you contract with a cloud provider, you agree to share responsibility for the security of your cloud. Review your contract and make sure you understand which security responsibilities belong to you.
- The average business uses several distinct clouds. Tech Wire Asia reports that the average organization is using an average of 1,935 distinct clouds. That’s a lot of cloud services and even a business with a well-thought-out cloud security policy may struggle to apply cloud security consistently over that many cloud services.
- Cybercriminals love targeting cloud services. Malicious actors often go after third parties and vendors, and cloud providers are particularly attractive to them. Not only are cloud providers bid companies themselves, but they’re holding onto data for a variety of other organizations.
- Criminals are counting on cloud leaks. There are two groups of people scanning the Internet for cloud leaks — security teams and criminals hoping to stroll into a private cloud and take data for themselves.
- Once your data is exposed, there’s no way to know if it’s been compromised. If your data has been exposed, it might escape notice by an attacker, but you won’t know. After all, the data was available on the Internet. It’s possible no one saw it, but there’s no way to be sure.
- Keep an eye on endpoints. Users will likely be accessing your cloud through web browsers, so be sure to keep those endpoints safe and up to date, so bad actors can’t wiggle in through poorly-secured browsers or devices.
- Encrypt, encrypt, encrypt. Because the cloud is supposed to be private, many organizations don’t encrypt that data, but in the case of a data breach or a leak, your data should be encrypted, both during transit to the cloud and in the cloud itself. While some cloud services offer encryption, consider encrypting the data yourself before uploading it — that way you have control of your own encryption keys.
- Monitor activity. It’s important to know exactly what data you have in the cloud, which clouds you’re using, and how recently the cloud has been configured. Monitor your cloud security closely to make sure all your buckets are closed and your data is, in fact, private.
How can SecurityScorecard help?
Continuous monitoring is a critical part of a cloud security strategy. Mistakes happen, and if your security team is constantly watching your cloud, gaps can be closed before an attacker has a chance to wander in and compromise your assets. However, the sheer number of cloud solutions used by most companies can make monitoring the cloud a difficult task.
SecurityScorecard’s Security Ratings allow your team to check the security posture of your cloud services at a glance, giving you easy-to-read A-F ratings across ten groups of risk factors including endpoint security, IP reputation, web application security, network security, leaked information, endpoint security, and patching cadence. By understanding your security posture, and how to correct any issues that arise, you’ll be able to protect your organization’s cloud infrastructure from leaks and attacks.