Public Cloud services offer flexibility and scalability. However, Public Cloud security challenges are real. In most cases colocation offers a more secure environment.
A recent survey by Proofpoint of over 600 organizations revealed the following troubling responses-
- 72% of the respondents said moving to the Cloud coupled with more mobile workforces has introduced new security and compliance risks to their organization
- 75% of the respondents said the increased use of Cloud applications and services without the explicit approval of the IT department (Shadow IT) presents a significant security risk
- 78% of the companies surveyed say employees have accidentally exposed sensitive data stored in the Public Cloud
Lightspin, an Israeli Cloud penetration testing company, recently conducted an analysis of AWS and found 46% of the 40,000 S3 buckets they reviewed appeared to be misconfigured and could be unsafe.
Let’s look at several recent major security breaches experienced by users of both Amazon Web Services and Microsoft Azure.
Recent AWS Breaches
A company that provides channel management software to the online travel industry had its AWS data breached. In November of 2020 a failure to appropriately configure AWS Simple Storage Service (S3) buckets left over 24 GB of data with over 10 million files exposed. Data going back 10 years including credit card information, email addresses, and phone numbers was compromised.
In March of 2021 over 50,000 patient records with Protected Health Information (PHI) including medical insurance identification, driver’s licenses, and passport information was leaked in Utah. The company that was attacked was providing COVID testing services and incorrectly setup AWS S3 buckets to store test results.
This past summer dozens of municipal governments had over 1 TB of data across 1.6 million files exposed. A Geographic Information System (GIS) used by these local governments was built upon AWS. Once again S3 buckets were misconfigured.
Recent Azure Breaches
It is not just AWS that suffers from security breaches. Last December an application developer left their Azure Blob Storage with 587,000 files open. Medical records, insurance documents, and other PHI were exposed.
In August, Microsoft warned thousands of Azure Cosmos DB users that their data may have been exposed. The flaw, which was remedied via a subsequent patch, could potentially allow a user to gain access to another customer’s resources. Security investigators were able to gain complete unrestricted access to the accounts and databases of several thousand Azure customers including some Fortune 500 accounts.
Enabling Public Cloud Breaches
Though criminals and disaffected employees are ultimately responsible for breaches of the Public Cloud, certain practices enable these attacks. Misconfigurations lead to Public Cloud breaches by exposing an organization’s data. The reasons why Public Cloud misconfigurations are so common include-
- There are many configuration options for the Public Cloud
- Ongoing software changes by Public Cloud providers can go unnoticed by users
- Lack of Public Cloud configuration expertise especially for Shadow IT projects
Though misconfigurations are the most frequent breach enabler, there are other things that can expose Public Cloud applications to an attack-
- Poor password practices
- Inadequate access restrictions
- Mismanaged permission controls
- Inactive data encryption
- Insufficient API security
- Neglected workloads
Shared Responsibility Model Can Cause Problems
Public Cloud service providers employ a Shared Responsibility Model to delineate responsibility for various components of security. Public Cloud providers take responsible for securing their Cloud infrastructure. Clients are responsible for the security of their applications. Client confusion about their specific security responsibilities can create security gaps that can be exploited.
Why Colocation is More Secure
Colocation is inherently more secure than the Public Cloud.
- With colocation each client can configure firewalls to provide the most protection for their organization. Public Cloud firewalls are not configurable by individual clients.
- With colocation the risks due to complex and changing configuration options are all but eliminated. Colocation clients own their systems and have much more control over any changes.
- It is much easier to prevent exposure due to Shadow IT operations since these are not conducted on the collocated systems.
- Colocation service providers such as CAPS, provide ongoing technical support and monitoring to make sure systems are operating properly and to detect inappropriate activities.