Amazon Cloud Exposes Data--Your Company May Be Vulnerable
By: Jim Stickley and Tina Davis
November 7, 2019
Business owners of all shapes and sizes hope their data and that of their customers is securely kept. What many don’t realize is that even the best plans for securing data can go astray. Case in point, the discovery that Amazon’s Elastic Block Storage (EBS) cloud is vulnerable to public exposure. These leaks exposed snapshots with over a terabyte of data from companies like Netflix, TD Bank, and Ford. Although these companies are the largest and most notable victims, any business using EBS is susceptible to sensitive data exposure.
The leaky Amazon data is part of their EBS S3 bucket storage. Customers using S3 buckets for their data found it exposed with public-facing snapshots. This data includes system passwords, email messages, human resources details, and private consumer information.
However, security researchers found S3 data exposure is not due to bad actors. They believe the real culprit is misconfigured settings allowing the data to be set to “public.” The 2019 Verizon Data Breach Investigations Report finds 34% of data breaches are accidental and not malicious. Still, many of those in charge of cybersecurity seem to be unaware of critical settings allowing data to be publicly exposed.
Keeping a business and its data safe is no doubt a challenge. But making errors that accidentally expose confidential data can be a nightmare. There are basic safety steps that IT departments and others in charge of securing data can take. In particular, external-facing data systems need to be properly configured to ensure data isn’t publicly exposed. In the case of Amazon’s EBS, public exposure could have been avoided by choosing the correct option during setup. Proper system configuration goes a long way keeping sensitive data and other vulnerabilities in check. If you are ever unsure about configuration of your systems and their security, have someone come it to help, even if you have to pay for it. Keeping that data out of the public eye will be worth it.
Always apply security patches as soon as they are released. These patches often fix security flaws including those that inadvertently lead to data exposure and malicious infections. A well-configured system with the latest security updates provides layers of protection for your sensitive data and that of your customers.