Three Ways Your “Secure” Cloud Can Leak Data

The safest way to survive in a big corporation is to always make the obvious choice.  If you’re tasked with buying tablets for a division, always buy the iPad.  If you choose iPads and they work poorly, nobody will give you too much grief for picking the obvious choice.  But if you go with Lenovo Yoga tablets and they work poorly, you’ll never stop hearing about why you should have just went with iPads.

That logic might keep you safe in a big corporation, but it fails when it comes to data security.  That’s because the ubiquitous choices – the giant cloud data providers – are more interested in being everything to everyone than they are in ensuring a highly secure environment.  That’s not to say that Amazon doesn’t have highly secure cloud configurations; they do, and corporations and governments use Amazon’s services to store sensitive data.  But Amazon also will let you unlock the door (or prop it wide open) if you want.

Put succinctly, your data isn’t going to be safe just because you picked Amazon, or Microsoft or Google.  Here are a few examples of why you need to have an experienced cloud networking engineer examine your cloud configuration to make sure it’s secure, reliable and backed up regularly.

Secure Cloud Can Leak Data The AWS Open Door Policy – Amazon’s S3 is a storage system where data is famously public if the server is misconfigured.  Recently, 540 Million Facebook users had their data placed online by a third-party app creator for anyone to access.  Within the past couple of years alone, terabytes worth of data profiles, passports, medical records and other personal information has been found on misconfigured S3 servers, open for all to see.

Microsoft Misconfigures Its Own Cloud – Earlier this year, Microsoft misconfigured an instance storing its own data on the Microsoft cloud, resulting in 14 years of customer support logs being open for anyone to access for 25 days. According to Threatpost, “The database contained a wealth of phishing- and scam-ready information in plain text, including: Customer email addresses, IP addresses and physical locations, descriptions of customer service claims and cases, case numbers, resolutions and remarks, and internal notes marked “confidential.”

Canon’s Cloud Explodes – Canon’s Cloud-based image storage platform destroyed videos and high resolution images for its users when Canon upgraded its software in late July.  Nobody using Canon’s service misconfigured anything – Canon misconfigured their entire cloud.  Due to a programming mix-up, videos and images stored for more than 30 days were permanently deleted.  They have no way to restore them.

All of these examples demonstrate the importance of configuration and backup in any cloud-based storage solution.  It’s better to be safe than sorry, and sometimes that means it’s better to have two sets of eyes – and two sets of data.  So make sure you have an expert look at your configuration and backups in place in case anything goes wrong.

To learn how WingSwept can increase your company data security and reliability, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com.