{"id":6010,"date":"2021-10-22T11:41:08","date_gmt":"2021-10-22T08:41:08","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=6010"},"modified":"2026-06-14T10:27:00","modified_gmt":"2026-06-14T07:27:00","slug":"plugging-the-holes-how-to-prevent-corporate-data-leaks-in-the-cloud","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2021\/10\/22\/plugging-the-holes-how-to-prevent-corporate-data-leaks-in-the-cloud\/","title":{"rendered":"Plugging the holes: How to prevent corporate data leaks in the cloud"},"content":{"rendered":"<p>Forget shadowy attackers deploying bespoke zero-day exploits from afar. A&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2019\/10\/29\/what-you-may-be-getting-wrong-about-cybersecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">risk that is far more real<\/a>&nbsp;for organizations as they embark on ambitious digital transformation projects is human error. In fact, \u201cmiscellaneous errors\u201d accounted for 17% of data breaches last year,&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2021\/05\/14\/verizon-dbir-2021-phishing-ransomware-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">according to Verizon.<\/a>&nbsp;When it comes to the&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2021\/08\/05\/why-cloud-security-key-unlocking-value-hybrid-working\/\" target=\"_blank\" rel=\"noreferrer noopener\">cloud<\/a>, there\u2019s one particular trend that stands out above all others: misconfiguration. 
It\u2019s responsible for the leaks of billions of records every year and remains a major threat to corporate security, reputation and bottom line.<\/p>\n<p>Mitigating this persistent human-shaped threat will require organizations to focus on gaining better visibility and control of their cloud environments \u2013 using automated tooling where possible.<\/p>\n<h2>How bad are cloud data leaks?<\/h2>\n<p><a href=\"https:\/\/www.welivesecurity.com\/2020\/05\/07\/digital-transformation-could-be-accelerated-covid-19\/\" target=\"_blank\" rel=\"noreferrer noopener\">Digital transformation<\/a>&nbsp;saved many organizations during the pandemic. And now it\u2019s seen as the key to driving success as they exit the global economic crisis. Cloud investments sit at the heart of these projects \u2013 supporting applications and business processes designed to power new customer experiences and operational efficiencies.&nbsp;<a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021\" target=\"_blank\" rel=\"noreferrer noopener\">According to Gartner<\/a>, global spending on public cloud services is forecast to grow 18.4% in 2021 to total nearly $305 billion, and then increase by a further 19% next year.<\/p>\n<p>However, this opens the door to human error \u2013 as misconfigurations expose sensitive data to malicious actors. 
Sometimes these records contain personally identifiable information (PII), such as the leak affecting millions at a&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2020\/11\/10\/data-millions-hotel-guests-exposed-leak\/\">Spanish developer of hotel reservation software<\/a>&nbsp;last year. Sometimes the exposed data is arguably even more sensitive. Just last month it&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2021\/08\/17\/nearly-2-million-records-terrorist-watchlist-exposed-online\/\" target=\"_blank\" rel=\"noreferrer noopener\">emerged that a classified US terrorist watchlist<\/a>&nbsp;had been exposed to the public internet.<\/p>\n<p>The bad news for organizations is that threat actors are increasingly scanning for these exposed databases. In the past, they\u2019ve been&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2020\/07\/02\/thousands-mongodb-databases-ransacked-held-ransom\/\">wiped and held to ransom<\/a>, and even targeted with&nbsp;<a href=\"https:\/\/www.riskiq.com\/blog\/labs\/magecart-amazon-s3-buckets\/\" target=\"_blank\" rel=\"noreferrer noopener\">digital web skimming code.<\/a><\/p>\n<p>The scale of these leaks is astonishing:&nbsp;<a href=\"https:\/\/newsroom.ibm.com\/2020-02-11-IBM-X-Force-Stolen-Credentials-and-Vulnerabilities-Weaponized-Against-Businesses-in-2019\" target=\"_blank\" rel=\"noreferrer noopener\">an IBM study<\/a>&nbsp;from last year found that over 85% of the 8.5 billion breached records reported in 2019 were due to misconfigured cloud servers and other improperly configured systems. That\u2019s up from less than half in 2018. 
The figure is likely to keep on rising until organizations take action.<\/p>\n<h2>What\u2019s the problem?<\/h2>\n<p><a href=\"https:\/\/www.gartner.com\/smarterwithgartner\/why-cloud-security-is-everyones-business\/\" target=\"_blank\" rel=\"noreferrer noopener\">Gartner predicted<\/a>&nbsp;that by 2020, 95% of cloud security incidents would be the customer\u2019s fault. So who\u2019s to blame? It boils down to a number of factors, including a lack of oversight, poor awareness of policies, an absence of continuous monitoring, and too many cloud APIs and systems to manage. The last is particularly acute as organizations invest in multiple hybrid cloud environments.&nbsp;<a href=\"https:\/\/www.flexera.com\/blog\/cloud\/cloud-computing-trends-2021-state-of-the-cloud-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">Estimates suggest<\/a>&nbsp;that 92% of enterprises today have a multi-cloud strategy, while 82% have a hybrid cloud strategy, ramping up complexity.<\/p>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"563\" src=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2021\/10\/cloud-misconfiguration-corporate-data-leaks-prevention.jpg\" alt=\"\" class=\"wp-image-6011\" srcset=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2021\/10\/cloud-misconfiguration-corporate-data-leaks-prevention.jpg 1000w, https:\/\/blog.eset.ee\/wp-content\/uploads\/2021\/10\/cloud-misconfiguration-corporate-data-leaks-prevention-190x107.jpg 190w, https:\/\/blog.eset.ee\/wp-content\/uploads\/2021\/10\/cloud-misconfiguration-corporate-data-leaks-prevention-768x432.jpg 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" 
\/><\/figure>\n<p>Cloud misconfigurations can take many forms, including:<\/p>\n<ul>\n<li><strong>A lack of access restrictions.&nbsp;<\/strong>This includes the common issue of public access to AWS S3 storage buckets, which could allow remote attackers to access data and write to cloud accounts.<\/li>\n<li><strong>Overly permissive security group policies.<\/strong>&nbsp;This could include making AWS EC2 servers accessible from the internet via SSH port 22, enabling remote attacks.<\/li>\n<li><strong>A lack of permissions controls.&nbsp;<\/strong>Failure to limit users and accounts to least privilege can expose the organization to greater risk.<\/li>\n<li><strong>Misunderstood internet connectivity paths<\/strong><\/li>\n<li><strong>Misconfigured virtualized network functions<\/strong><\/li>\n<\/ul>\n<p>Shadow IT can also increase the chances of the above happening, as IT will not know whether cloud systems have been configured correctly or not.<\/p>\n<h2>How to fix cloud misconfiguration<\/h2>\n<p>The key for organizations is to automatically find and fix any issues as quickly as possible. Yet they\u2019re failing.&nbsp;<a href=\"https:\/\/resources.fugue.co\/state-of-cloud-security-2021-report\" target=\"_blank\" rel=\"noreferrer noopener\">According to one report<\/a>, an attacker can detect misconfigurations within 10 minutes, but only 10% of organizations are remediating these issues within that time. 
In fact, half (45%) of organizations are fixing misconfigurations anywhere between one hour and one week later.<\/p>\n<p>So what can be done to improve things? The first step is understanding the shared responsibility model for cloud security.&nbsp;<a href=\"https:\/\/www.cloudpassage.com\/articles\/shared-responsibility-model-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">This denotes<\/a>&nbsp;which tasks the cloud service provider (CSP) will take care of and what falls under the remit of the customer. While CSPs are responsible for security&nbsp;<em>of<\/em>&nbsp;the cloud (hardware, software, networking and other infrastructure), customers must take on security&nbsp;<em>in<\/em>&nbsp;the cloud, which includes configuration of their assets.<\/p>\n<p>Once this is established, here are a few best practice tips:<\/p>\n<p><strong>Limit permissions:&nbsp;<\/strong>Apply the principle of least privilege to users and cloud accounts, thereby minimizing risk exposure.<\/p>\n<p><strong>Encrypt data:<\/strong>&nbsp;Apply strong encryption to business-critical or highly regulated data to mitigate the impact of a leak.<\/p>\n<p><strong>Check for compliance before provisioning:&nbsp;<\/strong>Prioritize infrastructure-as-code and automate policy configuration checks as early as possible in the development lifecycle.<\/p>\n<p><strong>Continuously audit:&nbsp;<\/strong>Cloud resources are notoriously ephemeral and changeable, while compliance requirements will also evolve over time. 
That makes continuous configuration checks against policy essential. Consider Cloud Security Posture Management (CSPM) tools to automate and simplify this process.<\/p>\n<p>With the right strategy in place, you\u2019ll be able to manage cloud security risk more effectively and free up staff to be more productive elsewhere. As threat actors get better at finding exposed cloud data, there\u2019s no time to waste.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Forget shadowy attackers deploying bespoke zero-day exploits from afar. A&nbsp;risk that is far more real&nbsp;for organizations as they embark on ambitious digital transformation projects is human error. In fact, \u201cmiscellaneous errors\u201d accounted for 17% of data breaches last year,&nbsp;according to Verizon.&nbsp;When it comes to the&nbsp;cloud, there\u2019s one particular trend that stands out above all others: 
[&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6027,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[155],"tags":[],"class_list":["post-6010","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/6010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=6010"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/6010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/6027"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=6010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=6010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=6010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}