Check Your Cloud Permissions!

As we are seeing by the recent breaches of well-known brands (WWE, Verizon, Dow Jones) the public clouds are becoming the source from which the data is being obtained.  The easy way to describe what has been happening is a cloud version of a file server (Blob storage – Microsoft Azure Storage, AWS S3 Storage) has been populated with sensitive files and then permissions were set to allow a very large number of people access to those files.  These recent breaches are not the direct fault of the cloud vendor but rather humans or processes created by humans not knowing how to configure proper security within the clouds. 

One could argue that the cloud providers should not allow one to configure permissions in this manner but that is not the correct way to look at it as there are use cases for which those configurations are valid.  Knowing how to configure cloud resources is a very important step as the power of the cloud is the fact that it is very flexible to many varying needs.  Depending on the cloud provider they may have built-in tools to check the configuration of the environment to ensure basic levels of security.   If the person or process doing the configuration is unaware of the tools available to them they are at a disadvantage and will potentially be leaving a vector open for a breach to occur as was the case in the recent breaches.

The cloud is endlessly flexible but at the end of the day, it is NOT easy to do correctly.  Many of the technologies and methodologies to manage the cloud are the same as they have always been within traditional IT infrastructures.  However, there are many differences which require having the knowledge and skills to configure the resources correctly to avoid a major security incident.

If you are ready to consider the cloud or would like to discuss security of the cloud further, contact Thrive today!