Published: 25/09/17 by Gulraj Rijhwani
There seems to have been a rash, recently, of data exposures that were down to no more than bad configuration of cloud resources.
The latest of note is the leak from US vehicle tracking and recovery service SVR of over half a million vehicle records including their tracking IDs, tracker IMEIs, login details, e-mail addresses, vehicle identification numbers and actual tracking information. The information was found online by security researchers, in a poorly secured Amazon storage bucket. It is not known how long the data was publicly visible for, or indeed whether any other unauthorised parties than the researchers had accessed it before the security configuration was tightened up in response to the report.
Cloud services bring with them great potential business benefits of resource on demand and scalability, but they also present huge risks if not managed properly. It is often said in systems operations circles that “cloud is just another name for someone else’s gear you don’t own and have no physical control over”. That may be a gross over-simplification, but incidents like this only serve to underline that sentiment. When using third party services of any kind – but especially those based on a very public access interface – it is imperative that the security position is understood and managed before allowing production processes and data anywhere near the platform. And humans make mistakes, so no matter how well founded the platform originally, operational change can introduce errors. Any working environment needs to be regularly checked and re-checked for faults, but all the more so when the infrastructure is cloud-based.
If you would like to discuss testing and monitoring options for your online operations, get in touch to speak with one of our team about how we can help monitor and reduce your exposure.
10th Floor, 3 Hardman Street
1st Floor, 138a Main Street