How Cloud Misconfigurations Can Lead to Customer Data Exposure

Just yesterday, ThreatPost reported that more than 1 billion records for CVS Health customers were left exposed in a database of a third-party vendor. Security researchers believe that this is the result of a misconfiguration of their cloud-based storage, leading to the exposure of sensitive data.

Security researcher Jeremiah Fowler said in a post on WebsitePlanet that they found the non-password-protected database, which had no form of authentication in place to prevent unauthorized entry, on March 21. They contacted CVS Health the same day as the discovery, and the database was closed off from public view.

A CVS spokesperson confirmed the researchers’ findings, saying that CVS Health had been notified of the exposure of a publicly accessible database that contained non-identifiable CVS Health metadata. After their investigation, they determined that the database was hosted by a third-party vendor, whose name wasn’t disclosed. The database didn’t contain any personally identifiable information (PII) of customers, members or patients, the company said in a statement, and the database was quickly taken down.

Network misconfigurations in cloud environments are common. Ray Canzanese, threat research director at Netskope, said that these types of misconfigurations that lead to exposure are common in infrastructure-as-a-service (IaaS) providers such as Amazon Web Services (AWS), Azure and Google Cloud. Netskope’s research across the three major IaaS providers found that over 35% of compute instances expose at least one service to the Internet.

So, what should you do about misconfigurations in the cloud? PJ Norris, senior systems engineer at cybersecurity company Tripwire, advises: “Organizations should identify processes for securely configuring all systems, including cloud-based storage, like Elasticsearch and Amazon S3. Once a process is in place, the systems must be monitored for changes to their configurations. These are solvable problems, and tools exist today to help.” Canzanese says organizations should scan their own cloud environments automatically to discover and lock down exposed resources. He also recommended zero-trust network architecture to give employees secure access to cloud resources, whether they are hosted on-prem or in the cloud, without exposing them to the internet.
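As an added illustration of the automated scanning recommended above (example code written for this page, not taken from ThreatPost, Netskope, Tripwire or Uzado), the script below audits firewall rules for services open to the whole internet. It assumes rules in the shape of the AWS EC2 DescribeSecurityGroups response; the sample groups, the port list and the function names are constructed for the example.

```python
import ipaddress

# Ports for data stores that should not be reachable from the internet
# (an illustrative list chosen for this example; extend it for your estate).
SENSITIVE_PORTS = {9200: "Elasticsearch", 5432: "PostgreSQL", 3306: "MySQL",
                   27017: "MongoDB", 6379: "Redis"}

# Constructed sample, in the shape of the AWS EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "search-cluster", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "db-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ddd", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def world_open(rule):
    """Return the CIDRs in a rule that cover the whole internet (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def find_exposures(groups):
    """List (group id, severity, detail) for every internet-facing ingress rule."""
    findings = []
    for g in groups:
        for rule in g.get("IpPermissions", []):
            cidrs = world_open(rule)
            if not cidrs:
                continue
            if rule["IpProtocol"] == "-1":  # all protocols, all ports
                findings.append((g["GroupId"], "HIGH", "all ports open to " + ", ".join(cidrs)))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            hits = [name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi]
            sev = "HIGH" if hits else "REVIEW"
            what = ", ".join(sorted(hits)) if hits else f"ports {lo}-{hi}"
            findings.append((g["GroupId"], sev, f"{what} open to " + ", ".join(cidrs)))
    return findings

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_GROUPS):
        print(*finding, sep="  ")
```

Against a live account, `find_exposures` can be given the `SecurityGroups` list from `aws ec2 describe-security-groups`; running it on a schedule and comparing findings between runs also covers the configuration-change monitoring Norris describes.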

If you are looking for help with your cloud security, consider Uzado. Uzado’s approach to securing the cloud environment involves first identifying, analyzing, and reporting on misconfigurations, vulnerabilities, and behavioral anomalies in user accounts. Every action in a cloud environment increases the potential for threats, and you must have a solution that not only identifies changes but also understands their security context. To address the ever-changing nature of the cloud, you need comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in the cloud. If you want to learn more about cloud security, contact Uzado today.