A hobby for many security consultants is finding easily, exploited weak spots in major cloud storage and service providers. These guys do it with a positive mission, but we guarantee the criminals out there are doing the same thing and will be delighted to steal your insecure data.
By Chris Knight
Kevin Beaumont is a high profile security consultant and when he tweets about weaknesses in cloud systems (like the recent Capital One leak from Amazon’s AWS) you can bet plenty of hackers are taking notice. That and when Amazon S3 data buckets are a high profile topic of discussion at DefCon hacker events, you just know the risks of using them in an insecure manner are high.
The issues are two-fold. Despite the automated nature of using cloud services, there are still people involved, and all it takes is one grumpy current or ex-employee with the right log-in details to siphon off your data, or there can be someone working at a third party with access who might decide they can make some money.
The second issue is the classic use of weak passwords/login details and not checking system logs to see who is accessing those services and your data. So many businesses are reliant on their data, but lack the time or security awareness to check the data is secure and that access rights are managed, and passwords changed on a regular basis, especially when someone leaves the business.
There’s a risk that many businesses don’t even know what an EBS snapshot is (elastic block storage). If these are not correctly configured, anyone can go browsing through them and find data, application keys and other information of use, putting the entire business at risk.
Protecting Your Cloud and Other Services
This hacker’s paradise is the result of businesses lacking the basic security information or expertise as they grow. IT security awareness needs to be at the heart of every business decision and IT process, from secure networking to strong access rights. And if your company lacks that knowledge then a secure partner needs to be involved, and today is the bare minimum you should be starting on that journey as tomorrow could be too late.
Without securing the business, your client information could be stolen leading to prosecutions and fines. Your databases could be kidnapped by ransomware or wiped, crippling the business, or sold to rivals. Even losing access to services can damage a company’s reputation and revenue.
As the number of IT-related security incidents grows, your business might not seem like a target. But, the more cloud and third-party services you rely on – and the more people who have access – the risk increases. Amazon and other cloud providers has their own security, but it is down to individuals to manage all the features and settings properly, something that creates weak points, especially when all eyes are focused on growing the business.
Having an expert on hand can bolster your security and identify weakpoints across the businesses’ IT infrastructure, making KokoBo.net’s services an essential that could save any company from a crisis or prevent it from going out of business.