Express Computer
Home  »  Cloud  »  82% of databases in public cloud computing environments not encrypted, finds study

82% of databases in public cloud computing environments not encrypted, finds study

0 371

The ‘Cloud Infrastructure Security Trends’ released by RedLock, reveals several interesting insights about the vulnerabilities in major cloud environments, despite stated best practices. In 2017, the RedLock CSI team discovered 4.8 million exposed records that contain sensitive data belonging to dozens of organizations ranging from small businesses to Fortune 50 companies.

The data in the report is based on the RedLock CSI team’s analysis across customer environments which comprises of over one million resources that are processing 12 petabytes of network traffic. In addition, the team also actively probed the Internet for vulnerabilities in public cloud infrastructure.

As a best practice, databases containing sensitive data should always be encrypted. Failure to do so may result in violations to compliance mandates such as PCI and HIPAA. Shockingly, the team determined that 82% of databases in public cloud computing environments such as Amazon Relational Database Service and Amazon RedShift are not encrypted.

To make matters worse, 31% of those databases were accepting inbound connection requests from the internet, which is a very poor security practice. Most notably, MongoDB instances saw significant inbound traffic with port 27017 being amongst the top five ports for inbound internet connections.

On a similar note, RedLock CSI researchers also discovered that 40% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) had inadvertently exposed one or more such services to the public. In March 2017, at least 20,000 customer records containing sensitive data were exposed at Scottrade due to such a misconfiguration.

Network traffic
It is a common belief that data in transit should generally be encrypted. However, the research revealed that 51% of the network traffic in public cloud infrastructure environments is still occurring on port 80, the default web port that receives clear (unencrypted) traffic. This makes the network vulnerable to man-in-the-middle attacks.

Ideally, only load balancers and bastion hosts should be exposed to the Internet. However, the team found that 9% of workloads that were neither load balancers nor bastion hosts were accepting traffic from any IP address on any port.

Best practices dictate that outbound access should be restricted to prevent accidental data loss or data exfiltration in the event of a breach. Analysis showed that an alarming 93% of resources in public cloud environments do not restrict outbound traffic at all. The research revealed that 58% of root accounts do not have multi-factor authentication (MFA) enabled. If any root user account is compromised, the hackers will have keys to the kingdom. This is disturbing given the number of recent high-profile breaches involving weak authentication.

On a similar note, 63% of access keys have not been rotated in the last 90 days. This makes it easy for malicious actors to leverage compromised keys to infiltrate cloud environments as privileged users. The team also discovered that 14% of user accounts are dormant where credentials are active but no logins have occurred in the last 90 days. This introduces unnecessary risk to the public cloud computing environment.

Compliance failure
The research indicates that on average, organizations fail 55% of compliance checks established by the Center for Internet Security (CIS). More than half the violations (54%) are high severity issues such as having security groups that allow inbound SSH connections. Medium severity violations such as not enabling multi-factor authentication for all IAM users represent 37% of the issues. Lastly, 9% of the violations are low severity issues such as not logging Amazon Simple Storage Service (S3) bucket access.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image