82% of Databases Left Unencrypted in Public Cloud

  /     /     /  
Publicated : 22/11/2024   Category : security


82% of Databases Left Unencrypted in Public Cloud


Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security.



The average lifespan of a cloud resource is 127 minutes. Traditional security strategies cant keep up with this rate of change, and 82% of databases in the public cloud are left unencrypted.
These findings come from the RedLock Cloud Security Intelligence (CSI) teams Cloud Infrastructure Security Trends report. RedLock today formally announced the CSI team and its inaugural report, which focuses on major vulnerabilities in public cloud environments.
The team analyzed more than one million cloud resources, processing 12 petabytes of network traffic, and dug for flaws in public cloud infrastructure. They found 4.8 million records, including protected health information (PHI) and personally identifiable information (PII), were exposed because best practices like encryption and access control arent enforced.
Imagine the day and age we live in, says RedLock cofounder and CEO Varun Badhwar. You should be using encryption of data at-rest. There is no data out of the reach of bad actors if not secured correctly.
The problem isnt in cloud providers failing to secure data centers, but in organizations failing to secure applications, content, systems, networks, and users that use the cloud infrastructure. That is where people are not aware, or not investing the right resources, he continues.
Researchers found of the 82% of databases left unencrypted in the public cloud, 31% were accepting inbound connection requests from the internet. More than half (51%) of network traffic in the public cloud is still on the default web port (port 80) for receiving unencrypted traffic. Nearly all (93%) public cloud resources have no outbound firewall rule, says Badhwar.
You need to have control at the network, configuration, and user layers so its hard for someone to get in, and harder for them to take your data out, Badhwar emphasizes, adding how weak network controls lead to trouble. Its like saying, Im going to leave my gates and front doors open, and hope I don’t get robbed, he says.
Developers and the team running operations in the cloud need to have secure access, and researchers discovered they often dont.
Businesses are moving to the cloud from on-prem environments where everything underwent a security review and sign-off process before being pushed to production, Badhwar continues. Two hours and 27 minutes, the average lifespan of a cloud resource, is a much smaller window.
Within that timeframe, the customer has no clue how to get security right because developers are pushing code, says Badhwar. None of the existing security tools work at the speed of change. Customers have no visibility into the changes pushed to production.
He calls the current cloud environment a devops-oriented world in which those who write the code are responsible for pushing it to production. The problem is, those who are making changes within cloud environments are not trained security professionals.
Their lack of expertise brings additional risk, especially with new tech like containers. RedLock researchers found 285 Kubernetes dashboards (web-based admin interfaces) deployed on Google Cloud, Microsoft Azure, and AWS that were not password-protected. There were many cases where Kubernetes systems held plaintext credentials to other critical systems, a vulnerability leaving key infrastructure exposed.
Security recommendations from the report include training developers on security practices for public cloud infrastructure, ensuring services are set to accept internet traffic on an as-needed basis, and setting a default deny all outbound firewall policy. You should also automatically discover database and storage resources as they are created in the public cloud, and monitor network traffic to ensure those resources are not directly interacting with internet services.
Related Content
Data Security & Privacy: The Risks of Not Playing by the Rules
4 Reasons the Vulnerability Disclosure Process Stalls
Data Breach, Vulnerability Data on Track to Set New Records in 2017

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
82% of Databases Left Unencrypted in Public Cloud