The frustration cannot be only felt by me for Data Leakage. As said by Paolo who is Cyber intelligence Principal. We are getting reports of constant leakages of data from the data. It seems like another day can not go by without any other incident that happened and being reported. However, none of this seems enough to serve as a cry for a change.
The scale and the number of leakages have both been increasing. Moreover, the impact of those affected by the leakage of data is increasing too. The media pays more attention if the leakage of data is worth their attention by the name of the brand and the fame it has. However, it should pay attention to what the data was which was leaked and what is the number and type of data involved.
More to Data Leakage
The marketing and data analytics company has recently left an unsecured server of Elasticsearch exposed. This had compromising data of nearly 21 million individuals. The number also includes records that were duplicated and obsolete entries but considering the population of Ecuador is 16.6 mill, it is a huge number
AWS leaky S3 buckets are the most typical crime scenes for the unsecured data in the LionAir and cloud. The company has left an AWS bucket exposed which contained personal information of many. These included passport numbers as well which belonged to millions of people. The name of big people often are behind the organization are not known as much with the supply chain incidents. In another example, the company Attunity had also left data that belonged to Netflix, TD Bank and Ford to be publically accessible.
There are many incidents. However, they will not answer why Data Leakage continues to happen
The fourth security alliance threat report shows that most of the people are not blind to the risks. Industry experts of 241 have placed breaches of data, misconfiguration of cloud infrastructure and lack of security for cloud the top 3 risks. Moreover, all enterprise consumers of the cloud are not experts. The majority, however, that is responsible for the infrastructure of the cloud are. So we will assume that the risk of the cloud. Too many companies still don’t completely get the shared model of responsibility. It is where the responsibility of the cloud provider ends. Moreover where the customer responsibility begins. A tiny change can make a huge difference.
in an ideal world, the model is straightforward. However, the world is far from ideal. Too many companies are ignoring the duties they have relating to the security of data in the cloud. This week, new research was found which told that 32% of the companies in protecting data in the cloud is their own responsibility. In many cases, the shared responsibility is further not clear through the complex supply chain as the examples above showed. It is mostly the third party who is enforcing all the measures that are necessary for data security in the cloud. There is a chain of trust which is very often with consequences that are devastating. The breaches become additional that the security of the chain is the core element of strategy security and security of the cloud is no exception.
Further into Data Leakage
The education of use plays a crucial role in avoiding cloud security issues. However, there are many tools that automate the process of cloud use and can help in educating the users as they go for it. The tools are straightforward and are easy to use. They have a rule that is to ensure that the S3 bucket is not accessible to the public. This prevents the ransacking of the records on the public database with the simple rules to alert the customers. They then take necessary actions if they find a port to be. A simple configuration can prevent a huge breach like one that took place in Ecuador and that too can demonstrate that man time, the solutions are very easy than the initial problem.
With the high speed of migration to the cloud for the companies, security minds should also be changed. And strategies should be in place to deal with attackers. This is the fault of both individuals and companies who ignore the misconfigurations in the cloud. And expose their data to potentially 3.2 billion people. There was a time when managers would tell not to leave the post-it notes on the screens of their monitors that can make passwords visible to their colleagues. The issue hasn’t completely gone. It now pales in the comparison to the exposure of whole companies data that left in public access on cloud buckets. This isn’t by anyone on the internet.
The companies should work to redefine the concepts of security in data in the cloud and enforce controls on security. This would reimage the perimeter in such a way that it is cloud smart. Data-centric and fast so it cannot prohibit innovation or productivity.