Five Cloud Security Breaches That Show Enterprises Still Don’t Get It
A series of data breaches caused by shockingly irresponsible data storage practices may indicate that many enterprises are still treating cloud security as an afterthought.
Misconfigured Amazon Web Services S3 storage is the culprit in several of the recent exposures, but the common element for all is that enterprise customer data was stored without adequate security measures, with either simple username and password protection, or none at all.
“They inherently believe they get all these magical properties of security by moving [to the cloud], and it just doesn’t happen,” said Josh Douglas, chief strategy officer for cyber services at defense, civil government and cybersecurity giant Raytheon.
Big data companies and household corporate names should have processes in place to prevent customer or sensitive corporate data from being left unprotected, and to detect misconfigurations. Additionally, two-factor authentication was not used in any of the five leaks below, and may have prevented each of them.
“It is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” Douglas said.
While the responsibility for protecting data lies with the enterprise and its partners, the apparent lack of sound cloud security practices is an opportunity for service providers and consultants.
Click through the slideshow to see five recent security breaches that could have been prevented.