ブログ 脅威ラボ Cloud Threats Memo: Misconfigurations as a Threat Vector Continue to Rise
Nov 08 2021

Cloud Threats Memo: Misconfigurations as a Threat Vector Continue to Rise

In this hyperconnected world, where 70% of users continue to work remotely, sharing data in real-time with partners and customers leveraging the flexibility of the cloud is a fundamental aspect for the daily operations of businesses worldwide. In this scenario, the risk of misconfigurations exposing sensitive data continues to be a serious (and frequent) concern. The incidents that have occurred so far are maybe helping to raise awareness,  however, that’s not enough, as new organizations in many different sectors are joining this unwelcome list on a regular basis. The shared responsibility model is hard to digest and too many companies are learning this concept the hard way, failing to implement basic security recommendations.

That’s the case of a US medical training school, which exposed the sensitive data of thousands of students via an unsecured AWS S3 bucket, leaking 157 GB of data containing nearly 200,000 files. Identity theft, phishing, and fraud are just a few of the criminal ways this trove of data could be exploited, should it fall in the wrong hands. And there is also the collateral reputational damage for the targeted organization, which is not so collateral, given that the loss of trust corresponds in practice to a loss of customers (more than 50% of the customer base in the worst cases) with devastating consequences especially for small-medium businesses (60% of small companies close within six months after suffering a data breach).

Pretty bad consequences like these can be avoided in a few steps.

How Netskope mitigates the risk of leaky cloud apps

Netskope Public Cloud Security detects misconfigurations on IaaS environments such as AWS, Azure, and Google Cloud Platform, preventing organizations from leaking data from publicly accessible buckets or blobs, and in general from leaving misconfigurations that can be exploited by the bad actors. A set of predefined profiles allows users to comply with best practices and industry standards such as NIST CSF, PCI-DSS, and CIS. Additionally, it is possible to easily build custom rules with Domain Specific Language. The same protection is also available for SaaS applications (such as Microsoft 365, Salesforce, GitHub, Zoom, and ServiceNow) thanks to the new SSPM (SaaS Security Posture Management) module.

Since the public cloud can also leave workloads unprotected, there has been an explosion of misconfigured remote access services (like RDP or SSH) targets of brute-force or password-spraying attacks. Netskope Private Access is the solution to mitigate this risk, allowing organizations to publish their services (hosted in a public cloud or an on-prem datacenter) in a secure manner, embracing the Zero Trust access paradigm.

Finally, Netskope Advanced Analytics provides specific dashboards to assess the risk of cloud misconfigurations, with rich details and insights, supporting the security teams in the remediation process.

Stay safe!

author image
About the author
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of…