RedLock Report: Cloud Storage Services are Misconfigured in over Half of Businesses

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud.

The report reveals that as many as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse still, many businesses are not monitoring their cloud environments constantly, which means data is being exposed and the exposure is going undiscovered.

The issue seems to be spreading. RedLock’s last report for Q2 showed 40% of businesses had misconfigured at least one of their cloud storage systems – Amazon Simple Storage Service (Amazon S3) for example. A new analysis, included in its latest Cloud Security Trends Report, shows that figure increasing to 53% between June and September 2017.

Key RedLock Report Findings

  • 53% of organizations have at least one exposed cloud storage system
  • 38% of users' data could be accessed due to compromised administrative user accounts
  • 81% are not managing host weaknesses/flaws in the cloud
  • 37% of databases do not block inbound connection requests from suspicious IP addresses
  • 64% of cloud databases are not encrypted
  • 45% of Center for Internet Security (CIS) compliance checks were not passed
  • 48% of Payment Card Industry Data Security Standard (PCI DSS) compliance checks were not passed
  • 250 groups were found to be leaking login details to their cloud environments on internet-facing web servers

The widely reported misconfigured MongoDB installations were targeted by hackers in January 2017. Misconfigured databases were accessed, data deleted and ransom demands issued. More than 26,000 MongoDB databases were attacked and held for ransom.

It is not just small groups that are making mistakes that lead to data exposure and data breaches. The Equifax data breach, which saw the records of more than 143 million Americans made accessible, happened due to the failure to address a known weakness in Apache Struts, a framework that supported its dispute portal web application. Equifax CEO Richard Smith recently commented to the House Energy and Commerce Committee that the missed patch was due to an error by a single member of staff.

British insurance giant Aviva discovered one of its cloud environments had been ‘hacked’ and was being used to steal Bitcoin. Kubernetes administration consoles were used to access its cloud database. Its administration consoles lacked passwords to these databases.

RedLock is not the only company to report on the issue. IBM X-Force said it has tracked more than 1.3 billion records that were exposed due to misconfigured servers up to September 2017.