How Did That Cloud Breach Happen?


The cloud has often been touted as a secure way to store and access data without the high costs of large-scale onsite storage. Unfortunately for many customers, the cloud is not always as secure as they might like, whether because the provider has security weaknesses or because the customers themselves fail to observe best practices.

To protect your data, you need cloud database security. Many companies that rely on the cloud find themselves victims of data breaches or supply chain attacks, a frustrating turn of events when the assumption is that the cloud is more secure than a traditional data storage environment. However, many of these cloud breaches are preventable by the customers, and there are ways to increase your control over your data.

Data Security is Challenging in the Cloud

While the cloud is useful for many things, from automated and frequent backups to off-site, cost-effective storage, it has security flaws. Your data is stored online rather than on a local device, which means that any way that someone accesses the data is a potential attack vector. An attacker could steal credentials or compromise someone’s account to access the data as well. Cloud companies may also have spotty security track records, which doesn’t help.

To adjust to surging storage needs and rising costs, many companies are increasingly adopting and relying on cloud infrastructure for data storage, website hosting, and day-to-day business operations. Although customers often assume that the cloud provider covers security, most agreements delineate a shared responsibility model. Theoretically, this means that the customer is fully informed of their own responsibilities and those of the provider. On the other hand, have you read a Terms & Conditions page lately?

Inadequate measures to secure their own data put customers at risk, as does the increasingly popular multi-cloud environment, a setup with multiple cloud service providers in one customer environment. Differing and potentially conflicting security protocols, combined with the complexity of users accessing multiple platforms from multiple providers, create chaos (and chaos does not typically make security any easier). It may be tempting for many customers to blame the cloud providers, but Gartner estimates that 99% of cloud breaches occur due to the customers’ failure to configure their environment correctly.

The Challenges of Incident Response in the Cloud

Misconfigurations are very easy to create and sometimes very difficult to find and fix. Many IT departments are stretched thin, so security teams often forget small details or neglect protocols. Unfortunately, once the system is misconfigured, tracking down a mislabeled asset or unnecessary access is often not a priority. Many cloud breaches happen because a misconfiguration doesn’t have a firewall around it, leaving the vulnerability open to attack. Some cloud providers, like Google, keep suboptimal logs, which makes understanding the details of the issues difficult.

The lack of effective logging also prevents both cloud providers and customers from knowing whether any of their data have been compromised. As a result, accurate assessment of the damage is nearly impossible, which makes it difficult to respond appropriately to the incident. When determining whether to notify their own customers, companies want to be able to say whether or not data were compromised. It’s tough to keep customers if they no longer trust you to keep their data safe or to explain how that data became compromised. If you don’t know how a cloud breach happened, your customers will not have much confidence in your security in the future.

Achieving Cloud Data Visibility and Security

Even so, all is not lost. Visibility and security control are needed to lower companies’ risk of incidents and, when an incident does happen, to improve their ability to respond appropriately. To keep a similar incident from happening again, customers of cloud providers need to understand how they have contributed to creating vulnerabilities and work to fix them.

Managed cloud database solutions can help by monitoring databases and activity, providing data discovery and classification, and sending alerts for compliance issues or policy violations. While it is often challenging to understand how a cloud data breach happened, implementing monitoring and alerts can give you a much better idea of where your vulnerabilities are. Once you know where they are, they are much easier to protect against and fix.

Overall, companies that work with cloud service providers need to be aware of the shared responsibility model as well as the increased risks of a multi-cloud environment. Knowing your own responsibilities and risks will go a long way toward better database security. Similarly, knowing where your vulnerabilities are enables you to better protect your databases and, should you suffer a breach, to understand how your databases were compromised. You might never know how a breach happened when your cloud provider is at fault, but the vast majority of the time, database security is both your responsibility and under your control.