Cloud Misconfigurations: A Surging but Overlooked Threat

November 2, 2020

Enterprises are migrating their workloads to the cloud with the promise of lower costs, increased agility, and greater flexibility. But misconfigured cloud services are a fast-growing source of data breaches. Ameesh Divatia, co-founder and CEO of Baffle, shares some best practices to secure the data analytics pipeline and improve encryption techniques.

Misconfigured cloud services are one of the fastest-growing sources of data breaches today. The statistics are astounding. Misconfigured cloud databases are attacked 18 times per day and within only hours of coming online. And the latest Verizon Data Breach Investigations Report found more than 40% of all error-related breaches involved misconfigurations.

Last year’s massive Capital One breach is an example of the latter to the tune of 100 million exposed customers. At the time, CapitalOne said they “fixed the configuration vulnerability.” But, as it turned out, someone had already stolen the data out of the AWS S3 buckets. And the company now faces an $80 million fine for “failing at security in the cloud.” This incident clearly illustrates that identifying issues after the data is stolen is of no use.

 

(Link to the Article)