Cloud data breaches often caused by user mismanagement

Whether or not many companies are as prepared as they should be, researchers at Gartner say cloud-computing services will grow 17 percent this year alone.

Jeff Rowe | Nov 05, 2017 11:00 pm

The issue of data security long predates the spread of cloud computing, and while cloud providers have significantly upped their technological game when it comes to protecting client data, experts say the human side of data security still leaves much to be desired.

The enemy is us,” Chris Vickery, director of cyber risk research at UpGuard, a cyber security consultancy, recently told writer Tom Spring. “We are bringing this on to ourselves.”

Vickery attributes what he called an “epidemic of unsecured private data” to user misconfigurations on public cloud platforms, and according to Spring, IBM X-Force Threat Intelligence reports that as of September 2017, 1.3 billion records tied to 24 incidents have been exposed to the public internet via misconfigured servers.

According to Vickery, a big part of the problem is a rush to cloud adoption by businesses that aren’t ready.  “It doesn’t help that companies are rushing workloads and data to the cloud,” he said. “It’s certainly not increasing the security or decreasing the amount of publicly exposed data.”

Knowing if data has been compromised is often hard to tell, Vickery noted. “I don’t know how often the things that I find are also found by bad actors; it’s impossible to know. But I think it’s safe to say, if we are finding the data, the bad guys are too. They just don’t advertise the fact,” he said.

In Spring’s view, while cloud configuration errors are common, another problem is companies or administrators setting access permissions for a vendor or solution provider outside of the company to see or manage the data. In the case of a Verizon breach last summer, for example, 14 million customers had data exposed because a third-party contractor forgot to limit external access.

When it comes securing the cloud and protecting against leaks, experts such as Jesse Dean, senior director of solutions at Tetrad Digital Integrity, say it takes a layered approach.

“In terms of workforce, you can’t just turn your datacenter staff into AWS experts overnight. It takes time, effort, hiring new, and even rethinking your talent management strategy. Not everyone is going to make the transition,” Dean cautioned.