Millions of Exposed Files…Millions

Bloomberg provided coverage about Rapid7, a Boston based security firm, that did some research on data hosted on Amazon’s S3 service. They found that millions of files were exposed because of defaults security policies that were never updated by administrators. You can’t blame Amazon for not locking down the files you are hosting in their cloud, but you should at least understand what this means. “Cloud hosting and cloud storage is all the rage, but there are still some common pitfalls that many organizations overlook” says Will Vandevanter. The problem is that by putting data in the cloud, you also need to ensure that you are taking additional measures to secure it. The old way of creating a share on your internal systems, and moving data onto and assuming it must be protected since it is inside the LAN, has a central authentication mechanism, and has a staff of IT team to monitor the security is no longer holding true. When you put data in the cloud, it leaves your LAN. That means you need to ensure that it arrives safely at the cloud. There is typically no central authentication mechanism, so you must ensure the data is secured, encrypted, and protected in the off-chance it can be accessed. Lastly, your IT team loses most of the control over that data once it leaves the data center. Sure they can get to it, and sure, they can do some limited monitoring, but they don’t have access to the underlying infrastructure, which limits their ability to respond in the traditional ways they are accustomed to. Be sure that you think before you public cloud lest you also expose millions of files to anyone with a web browser.