Unfortunate news last week saw over 47GB of medical records, including blood test results of 150,000 patients, exposed after a cloud storage misconfiguration left an Amazon server unsecured. This is not the first time a misconfiguration error has led to a data breach, and it’s becoming a worryingly common theme.
But how is this all happening?
The Amazon S3 (AWS) bucket can be easily switched from private to public access – with public being the default. At the speed with which organizations are moving to AWS and cloud infrastructure, it is only natural to miss something.
For example, there is increased data staging within cloud infrastructures prior to exfiltration. That means the cybercriminal makes headway in the on-prem network, but needs a place to hold the data prior to the final theft. By moving data to a cloud provider that has regular data exchange with on-prem assets, the cybercriminal can hide the growing amount of data going into the cloud infrastructure. After all, that’s a regular occurrence – no alert triggered.
Then, when you take into account the default openness of S3, theft becomes even easier. Imagine a commercial mover putting your furniture into a moving van. No shock here; that seems like normal asset movement. But then an accomplice walks up to the fully loaded van, key in the ignition, and drives away. This is not a perfect analogy, but it gets very close to the data staging and exfiltration that happens with cloud infrastructure.
With so much hastily being moved to the cloud, it is vital that organizations take a breath and make sure that the same security controls and policies that are in place on-prem are carried over to the cloud. This is extremely difficult to do ad-hoc or manually.
But what if you automated policy controls irrespective of future assets/infrastructure? Organizations that automate policy controls and management are able to bring any new device or infrastructure into production with consistency across any new instance. Imagine setting a rule or policy once and then having that policy applied to any future instances – automatically. In this context, you no longer have to sacrifice security for speed. Leading organizations are taking these kinds of steps.
First, Cloud Infrastructure Security Brokers (CISB) serve as a clearing house for all new cloud infrastructure within the organization. By incorporating them, you gain a degree of governance around which policies and controls go into any new cloud service.
Secondly, a policy management console with the flexibility to handle heterogeneous infrastructures and devices is invaluable. Most organizations have a hodge-podge of various vendors for their security infrastructure (e.g. Palo Alto Networks, Juniper, Fortinet, AWS, Check Point, and many others). But with automated policy management, these systems are treated as devices with relevant data, configurations that can be cloned, policies that can migrate from device-to-device and controls that bring order to the heterogeneity. A policy management console gives organizations this kind of flexibility. As a bonus, policy management consoles can automate controls and actions to close any gaps new cloud services bring into production – including AWS and the now infamous S3 bucket that is regularly left ajar.
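The following added example, which is not from the original article or any product it mentions, applies one rule to every bucket in an inventory: all four S3 Block Public Access settings on, no ACL grant to the global groups, and no unconditioned Allow to a wildcard principal. The snapshot layout (`PublicAccessBlock`, `Acl`, `Policy`), the function names and the bucket data are assumptions constructed for illustration.

```python
import json

# Grantee URIs that S3 ACLs use for "anyone" and "any authenticated AWS user".
GROUP_PREFIX = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUP_PREFIX + "AllUsers", GROUP_PREFIX + "AuthenticatedUsers"}
# The four S3 Block Public Access settings; the rule requires all of them on.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal)

def audit_bucket(snapshot):
    """Return findings for one bucket snapshot; an empty list means compliant."""
    findings = []
    pab = snapshot.get("PublicAccessBlock") or {}
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        findings.append("block-public-access off: " + ",".join(off))
    for grant in (snapshot.get("Acl") or {}).get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            findings.append("acl: %s granted to %s" % (grant.get("Permission"), uri.rsplit("/", 1)[-1]))
    statements = json.loads(snapshot.get("Policy") or "{}").get("Statement", [])
    for st in [statements] if isinstance(statements, dict) else statements:
        # Simplification (assumption): any Condition is treated as narrowing the grant.
        if st.get("Effect") == "Allow" and _wildcard(st.get("Principal", "")) and not st.get("Condition"):
            findings.append("policy: Allow to Principal * without Condition")
    return findings

def audit_all(inventory):
    """Apply the same rule to every bucket, including ones added to the inventory later."""
    return {name: f for name, snap in inventory.items() if (f := audit_bucket(snap))}

# Constructed sample inventory: bucket names and settings are invented for this example.
ALL_ON = dict.fromkeys(PAB_FLAGS, True)
INVENTORY = {
    "example-lab-results": {
        "PublicAccessBlock": None,  # no Block Public Access configuration on the bucket
        "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": GROUP_PREFIX + "AllUsers"}, "Permission": "READ"}]},
        "Policy": json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-lab-results/*"}]}),
    },
    "example-billing": {"PublicAccessBlock": ALL_ON, "Acl": {"Grants": []}, "Policy": None},
}

if __name__ == "__main__":
    for bucket, findings in audit_all(INVENTORY).items():
        print(bucket, findings)
```

In practice the snapshots would be collected from the provider's API on a schedule or on bucket creation, so the same rule covers new buckets without anyone re-checking them by hand.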