The Honda story
In early July, Honda Motor Company, one of the world’s largest automobile manufacturers with offices across the globe, reportedly exposed 134 million rows of sensitive data as a result of an unprotected, internet-accessible Elasticsearch database.
It was reported that the database contained information about Honda’s internal network and computers. This information included the machine hostname, MAC address, IP address, OS version, installed patches, employee name, department, last login, employee number, details of the endpoint security systems and the name of the security vendor, and which machines had endpoint security enabled and their status. From the exposed information, an attacker could easily discover weaknesses within Honda’s internal network, such as unpatched machines or machines without endpoint security. The security researcher who discovered the exposure found that the 134 million documents amounted to 40GB of data covering approximately 3.5 months, and that around 40,000 data points were being added to the database every day.
Along came Capital One
Towards the end of July, it was reported that a hacker had gained access to more than 100 million Capital One customers’ accounts and credit card applications across the US and Canada. The hacker broke into a Capital One server, gaining access to 140,000 Social Security numbers, one million Canadian social insurance numbers and 80,000 linked bank account numbers, in addition to the personal information Capital One collects at the time of credit card applications. The attack was reportedly the result of a misconfiguration at the application layer of a firewall installed by Capital One, combined with the overly broad permissions Capital One had granted.
The Misconfiguration Woe
While cloud misconfiguration appears to be the most common cause of cloud security breaches, reports suggest that 99% of these misconfigurations go unnoticed. Enterprises often overlook the shared responsibility model for the cloud and assume that their cloud provider will take care of security. They are not aware that the security of what they put in the cloud, particularly sensitive data, is their own responsibility.
Gartner has predicted that “Through 2022, at least 95% of cloud security failures will be the customer’s fault.” Human error is the most common cause of cloud misconfigurations.
Misconfigurations will creep in as enterprises become more agile and DevOps teams start spinning up infrastructure using code. The same line of code that spins up a compute instance can also expose it to the public internet. You definitely need the agility, so ensure that there are sufficient guard rails in place that catch misconfigurations as and when they occur, alert your security teams and, if possible, auto-remediate the violation.
The common types of misconfigurations are:
- Security group misconfiguration that allows an attacker to reach cloud-based servers and exfiltrate data.
- Failure to implement restrictions and safeguards that prevent unauthorised access.
- Failure to apply the principle of least privilege, which limits permissions to only what is actually required to perform the necessary tasks.
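As an added illustration (not code from this page or from Cloud Control), here is the kind of guard-rail check that catches the first misconfiguration above: it scans a security group description for inbound rules that open sensitive ports, including the Elasticsearch port involved in the Honda exposure, to the whole internet. The sensitive-port list and the sample security group are assumptions constructed for this example.

```python
import ipaddress

# Policy list (assumption, not from the page): services that must never be
# reachable from the whole internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 9200: "Elasticsearch"}

# Constructed sample, shaped like an AWS describe-security-groups entry.
SAMPLE_GROUP = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "192.168.1.0/24"}], "Ipv6Ranges": []},
    ],
}

def is_world_open(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) matches every address on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_ports(perm):
    """Sensitive ports covered by one rule; protocol '-1' means all traffic."""
    if perm["IpProtocol"] == "-1":
        return set(SENSITIVE_PORTS)
    return {p for p in SENSITIVE_PORTS if perm["FromPort"] <= p <= perm["ToPort"]}

def find_violations(group):
    """Return (port, service, cidr) for every sensitive port open to the world."""
    found = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if not is_world_open(cidr):
                continue  # restricted source range: not a world-open rule
            for port in sorted(exposed_ports(perm)):
                found.append((port, SENSITIVE_PORTS[port], cidr))
    return found

if __name__ == "__main__":
    for port, service, cidr in find_violations(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {service} ({port}/tcp) open to {cidr}")
```

Run against the sample, the check flags the Elasticsearch range open on IPv4 and the SSH rule that is restricted on IPv4 but wide open on IPv6, while the HTTPS rule and the internal-only "all traffic" rule pass.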
How to avoid these misconfigurations?
Organisations should implement certain best practices to secure their cloud assets and prevent misconfiguration.
- Apply the principle of least privilege to ensure that employees do not have unnecessary access and privileges. Over-privileged identities continue to be one of the biggest threat vectors in the cloud.
- Implement frequent audit checks of your cloud against industry best practices such as the CIS Benchmarks and the NIST Cybersecurity Framework.
- Maintain audit logs to track user activity. This is a must-have.
- Encrypt all data.
- Automate security policy compliance, since employees may not always be aware of the policies and required configurations and may not act in accordance with them.
How can Cloud Control help?
Cloud Control helps enterprises identify misconfigurations in real time and can remediate them instantly. While the ideal time to remediate a security issue is less than two hours, enterprises often take days just to identify a security issue before it can be remediated. Cloud Control brings automation to the entire cloud security and compliance management cycle. It thereby enables enterprises to automate policy enforcement, security governance and compliance, and to implement security across their cloud infrastructure. The customer’s side of the shared responsibility model is automated, and security monitoring and remediation become continuous and real-time. In addition, Cloud Control has identity and access management capabilities that ensure users have only the privileges and access required to perform their tasks, and nothing more.