Cloud security outfit DivvyCloud confirms that more than 33 billion records have been exposed in cloud misconfiguration incidents in the last two years.
The cost of cloud misconfiguration to businesses has been set at $5tn worldwide over 2018 and 2019, with 33.4 billion records exposed – up by 80%. In this 2020 Cloud misconfigurations report, Divvycloud disclosed the financial and human cost of data leaks as an upward trend as firms adopt cloud services rapidly without proper preparation and planning. The cloud strategies fail as firms miss out even on basic security controls.
Data breaches caused by cloud misconfigurations are all over the news headlines in recent years, and the majority of these incidents are avoidable. Companies are adopting the public cloud at breakneck speed because they need the speed and agility to be competitive in today’s fast-paced business landscape. The actual problem starts when many of these companies fail to adopt a holistic approach to security, exposing their data and infrastructure to undue risk. Secure cloud configuration must be a continuous and dynamic process, and it must include automated remediation.
The report notes the publicly reported data leaks, data exposures, and breaches attributed to dodgy cloud installations. It found 81 violations in 2018 and 115 in 2019, with the most breached firms in the technology industry (41%) followed by healthcare (20%) and government (10%).
The survey suggested that older businesses were more likely to fail in their data security practices in the cloud. 68% of victims founded their firms before 2010, while companies founded since 2015 (6.6%) were less susceptible as they mostly have adopted public cloud services since the beginning of their operation itself. The report showed that 42% of known affected enterprises had been through mergers and acquisitions in the last five years, suggesting that cloud security is at risk when dissimilar IT environments come together.
The most breached services were noted to be the open-source data search engine ElasticSearch, with the number of breaches caused by its misconfiguration rising threefold between 2018 and 2019. The most notable violations during this period include the Adobe breach in October 2019, which exposed customer account information, including email addresses and payment details. There was also, the DIY chain B&Q breach in 2019 that revealed the personal information of the suspects involved in shoplifting. In both these cases, data leak associated with an ElasticSearch database was left on the public internet without any security or password protection.
ElasticSearch was followed by other frequently compromised services like AWS Simple Storage Service, accounting for 16% of recorded data exposure events, and MongoDB, accounting for 12% of incidents.
Having an unprotected server is not acceptable, as configuration management is critical when moving at the speed that technology enables within the cloud. Enterprises need to hold themselves to higher standards, and not be negligent to stop the number of breaches and control the cloud misconfiguration losses. Instead of jumping on to adopt a technology, firms need first to ensure that they have all the pre-requisites fixed.
DivvyCloud said that organizations must move towards secure configuration enforcement and continuous control security model that is monitored and updated continuously, reflecting the dynamic, software-defined nature of the cloud.
Solutions providing high levels of automation will be essential, particularly in large-scale hybrid cloud infrastructures. These large-scale hybrid cloud environment needs to be developed where automation can take the headache out of cloud security by giving organizations a framework for what they should be doing in a continuous, real-time process. As companies move to cloud adoption, they need to simultaneously take control of their cloud security models and prioritize it. This needs to come up as a cultural change for organizations.