Earlier this year, researchers from UpGuard's Cyber Risk Team reported identifying a potentially massive leak of data records held by a personal and business data search service, writes Chris Steffen, technical director at Cyxtera, a data centre, cloud computing, cybersecurity and analytics product company.
LocalBlox, the US-based private intelligence platform, had inadvertently left a considerable portion of the data it had gathered in a publicly accessible, albeit unlisted, Amazon S3 storage bucket. S3 buckets are not protected by passwords; access is governed by the bucket's ACL, its bucket policy and the IAM permissions of the caller. Because this bucket was configured to allow anonymous access, anyone who learned its name could read its contents: 48 million records containing detailed personal information.
According to UpGuard, the data profiles appear to have been collected from multiple sources. The exposed data included names, addresses, birth dates and other information scraped from publicly available sources, including social media sites such as LinkedIn, Facebook and Twitter, as well as Zillow real estate data, with the records linked together by IP address.
Organisations are taking advantage of the cloud for its scalability, flexibility and operational efficiencies. Yet most struggle to secure cloud-based data and applications, for several reasons. Each cloud vendor takes a different approach to user access policy and configuration, leaving security teams to manage disparate security models. In addition, the network controls most cloud providers offer are still traditional ones: security groups and network ACLs that filter on source and destination IP addresses and ports rather than on the identity of the user or workload. The practical result is over-privileged access, which introduces a significant security gap.
Organisations looking to use the public cloud to run mission-critical workloads and store sensitive data would be wise to implement information security best practices before migrating, not afterwards. Many network security solutions integrate with and augment the basic security tools and configurations provided by the public cloud vendors, and organisations should evaluate them before moving data and workloads to the cloud.
At a bare minimum, organisations using AWS should take full advantage of the security tools offered natively in AWS: restrictive bucket ACLs and bucket policies, least-privilege IAM roles, and logging through CloudTrail and S3 server access logs. In the case of LocalBlox, the exposed bucket suggests that this was not done.
Along with the native AWS security tools, organisations should consider robust third-party security solutions. For example, an identity-centric, network-enforced software-defined perimeter solution can secure hybrid IT environments, including AWS. With this type of solution, organisations can enforce one standard set of security controls across all of their environments while still integrating with the security tools and security groups AWS provides.
Beyond the best practices for securing S3 buckets that AWS itself publishes, the ideal arrangement integrates identity and access management with a network security solution that micro-segments workloads and data, so that each resource is reachable only by the individuals authorised to use it. This provides the granular access control that many regulatory and vendor management frameworks require, while ensuring that data is accessed only by those with a business need.
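The two S3 settings that turn a bucket into an anonymous download site are an ACL grant to the AllUsers or AuthenticatedUsers group and a bucket policy whose Principal is "*". The following Python is an added example, not code from the article or from LocalBlox, UpGuard or AWS: it evaluates both settings offline, together with the bucket's Block Public Access configuration (a control AWS added after this incident, in late 2018), and reports whether the bucket is actually reachable by the public. The ACLs, policies and bucket name below are constructed for illustration; in practice the three inputs come from the S3 get_bucket_acl, get_bucket_policy and get_public_access_block API calls.

```python
"""Offline check for the S3 misconfigurations that make a bucket world-readable.

Inputs mirror the shapes returned by the S3 API (ACL dict, bucket policy as JSON
text or dict, PublicAccessBlockConfiguration dict). All sample data is constructed.
"""
import json

# Grantee URIs meaning "everyone" and "anyone with any AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return [(group, permission)] for every ACL grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        group = PUBLIC_GROUP_URIS.get(grantee.get("URI"))
        if group:
            findings.append((group, grant.get("Permission")))
    return findings


def _anonymous_principal(principal):
    """True when a policy statement's Principal matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Return [(Sid, [actions], has_condition)] for Allow statements open to everyone.

    A Condition block (for example aws:SourceIp or aws:SourceVpce) can narrow a
    '*' principal, so such statements are reported for review, not counted as exposed.
    """
    if isinstance(policy, str):          # get_bucket_policy returns the document as text
        policy = json.loads(policy)
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _anonymous_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append((stmt.get("Sid"), actions, bool(stmt.get("Condition"))))
    return findings


def assess_bucket(acl, policy, public_access_block):
    """Combine ACL, policy and Block Public Access into one exposure verdict.

    IgnorePublicAcls makes S3 disregard public ACL grants; RestrictPublicBuckets
    limits a publicly-policied bucket to principals in the owning account.
    (BlockPublicAcls / BlockPublicPolicy only stop *new* public settings being written.)
    """
    pab = public_access_block or {}
    acl_findings = public_acl_grants(acl)
    policy_findings = public_policy_statements(policy) if policy else []
    acl_exposed = bool(acl_findings) and not pab.get("IgnorePublicAcls", False)
    unconditional = [f for f in policy_findings if not f[2]]
    policy_exposed = bool(unconditional) and not pab.get("RestrictPublicBuckets", False)
    return {
        "acl_public_grants": acl_findings,
        "policy_public_statements": policy_findings,
        "exposed": acl_exposed or policy_exposed,
    }


# ---- Constructed sample inputs (hypothetical bucket "example-bucket") ----
OWNER = {"Type": "CanonicalUser", "ID": "example-owner-id"}
LEAKY_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    # READ on the bucket lets anyone list it; the same grant on objects lets anyone fetch them.
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": {"ID": "example-owner-id"},
               "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
PUBLIC_READ_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
VPC_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VpcRead", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {k: True for k in PAB_OFF}

if __name__ == "__main__":
    for label, args in [("public ACL, no BPA", (LEAKY_ACL, None, PAB_OFF)),
                        ("public ACL, BPA on", (LEAKY_ACL, None, PAB_ON)),
                        ("public policy", (PRIVATE_ACL, PUBLIC_READ_POLICY, PAB_OFF)),
                        ("VPC-conditioned policy", (PRIVATE_ACL, VPC_ONLY_POLICY, PAB_OFF))]:
        print(f"{label}: {assess_bucket(*args)}")
```

The important nuance is the difference between "set" and "effective": a public ACL that IgnorePublicAcls overrides is a finding worth cleaning up but is not an exposure, whereas a "*" principal with no Condition and no RestrictPublicBuckets is exactly the configuration that lets an outsider who learns the bucket name pull its contents.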
To limit the damage from attackers who abuse stolen or over-privileged credentials, organisations need a model that creates one-to-one network connections between users and the specific data they are authorised to access. This software-defined perimeter (SDP) model overcomes the constraints of traditional IP-based tools by creating an individualised perimeter for each user, and it reduces the attack surface by hiding network resources from unauthorised or unauthenticated users.
Companies also need to establish trust with the organisations they acquire data from, and to apply appropriate data access and protection controls throughout their environments. Given the rise of data protection and privacy regulations such as the EU's GDPR, the legal consequences of an exposure like this one could be serious.
As organisations come to the realisation that traditional network security is failing them, a software-defined perimeter solution needs to be considered, to secure not only on-premises environments but, just as importantly, cloud-based environments like AWS.