Most Databases in the Cloud Are Not Encrypted

 
 
By Karen A. Frenkel  |  Posted 08-25-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Most Databases in the Cloud Are Not Encrypted
    Next

    Most Databases in the Cloud Are Not Encrypted

    In violation of security best practices, the majority of databases in the public cloud are not encrypted, rendering companies vulnerable to cyber-attacks.
  • Previous
    Unencrypted Sensitive Data
    Next

    Unencrypted Sensitive Data

    82% of databases in the public cloud, such as the Amazon Relational Database Service and Amazon RedShift, are not encrypted.
  • Previous
    Inbound Internet Connections
    Next

    Inbound Internet Connections

    31% of those databases accept inbound connection requests from the internet, which is a very poor security practice.
  • Previous
    Hazards of Cloud Storage
    Next

    Hazards of Cloud Storage

    40% of organizations using cloud storage services had inadvertently exposed one or more such services to the public.
  • Previous
    Vulnerable Data in Transit
    Next

    Vulnerable Data in Transit

    51% of network traffic in the public cloud still occurs on Port 80, the default web port that receives unencrypted traffic. This makes the network vulnerable to man-in-the-middle attacks.
  • Previous
    Lack of Load Balancers and Bastion Hosts
    Next

    Lack of Load Balancers and Bastion Hosts

    Ideally, only load balancers and bastion hosts should be exposed to the internet, but 9% of workloads that were neither load balancers nor bastion hosts accepted traffic from any IP address on any port.
  • Previous
    Outbound Traffic Is Rarely Restricted
    Next

    Outbound Traffic Is Rarely Restricted

    93% of resources in the public cloud don't restrict outbound traffic, but best practices dictate that outbound access be restricted to prevent accidental data loss or exfiltration in case of a breach.
  • Previous
    Poor Governance Creates Risk
    Next

    Poor Governance Creates Risk

    58% of root accounts do not have multifactor authentication, 63% of access keys have not been rotated in the last 90 days, and 14% of user accounts are dormant, with active credentials but no logins in the prior 90 days.
  • Previous
    Kubernetes Dashboards Not Protected
    Next

    Kubernetes Dashboards Not Protected

    285 Kubernetes dashboards (web-based administration interfaces) deployed on Amazon Web Services, Microsoft Azure and Google Cloud Platform were not password-protected. Also, there were plaintext credentials to other critical infrastructures within the Kubernetes systems.
  • Previous
    Failing Compliance Checks, Part I
    Next

    Failing Compliance Checks, Part I

    On average, organizations fail 55% of compliance checks established by the Center for Internet Security. 54% of violations are high-severity, such as security groups that allow inbound Secure Shell (SSH) connections.
  • Previous
    Failing Compliance Checks, Part II
    Next

    Failing Compliance Checks, Part II

    37% of respondents had medium severity violations, such as not enabling multifactor authentication for all Identity and Access Management (IAM) users. 9% of violations are in the low severity category, including not logging Amazon S3 bucket access.
 

The majority of databases in the public cloud are not encrypted, exposing sensitive personally identifiable information (PII) and protected health information (PHI), according to a new survey. The report, "Cloud Infrastructure Security Trends," reviews major vulnerabilities in public cloud computing environments and is the work of the RedLock Cloud Security Intelligence Team (CSI), which includes Microsoft, Credit Suisse and Honeywell. So far in 2017, the CSI team has discovered 4.8 million exposed records that contained sensitive data belonging to dozens of small businesses and Fortune 50 companies, and it saved them more than $758 million in breach costs. "Public cloud computing environments are incredibly dynamic—our research shows that the average lifespan of a cloud resource is only 127 minutes—and traditional security strategies can't keep pace," said Gaurav Kumar, CTO of RedLock and head of the CSI team. "Our report, which analyzed over 1 million cloud resources and 12 petabytes of network traffic, unmistakably shows the need for solutions that help manage security and compliance risks with ease, speed and automation."

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register