Table of Contents
Share this entry
Recently, the Internet Society, a non-profit organization dedicated to keeping the internet open and secure, experienced an extensive third party data breach compromising 80,000+ members’ PII. These files contained names, emails, mailing addresses, and logins and were ultimately exposed publicly online. The data was hosted in an Azure environment, specifically, a storage repository.
It is uncertain how long this data was publicly available, but after the security firm, Clairo, made the discovery, the repository was secured a week later. The Internet Society reportedly took action immediately to investigate the situation. Furthermore, they report no evidence of malicious access to member data, but the incident remains monitored.
How could this have happened? Well, if you’re having deja vu, it’s because we published a blog covering a similar incident just last week. In this current incident, the Internet Society claims that the misconfiguration came from a third-party vendor. It is exactly this type of extremely preventable misconfiguration that continues to impact institutions everywhere on a seemingly weekly basis.
Solutions for Third-Party Data Breach
Luckily, solutions exist today aimed at preventing this exact incident – specifically, a mature Cloud Security Posturement Management (CSPM) solution. If you’re familiar with the shared responsibility model (Azure has their own), then you know as much as a cloud provider, like Azure, ensures the protection of the cloud, the configuration within your cloud is entirely your responsibility.
Integrating a CSPM tool to monitor your Azure environment ensures your bases are covered at the most foundational level. These tools constantly compare your environment against a baseline of appropriate configurations and behavior, looking for deviation. The moment a deviation is detected, such as a public-facing Azure repository, a CSPM solution would flag the issue.
A few things to note: a lot of vendors today provide CSPM solutions including this monitoring and detection, but next-generation tools take things a step further. Let’s say there is a misconfiguration, like a lack of authentication needed to access student PII, and your legacy CSPM tool detects it and issues a ticket to your security team. This ticket will sit at the back of a queue of other security concerns, or the alert can get lost in a sea of notifications. Even worse, your organization needs to waste precious time to intake the ticket and define the team responsible and capable of remediating the issue.
In this case, organizations needs an efficient way for the correct team responsible to receive the alert, and it needs context in order to recognize that this specific alert, among so many others, is a pressing concern deserving immediate attention. Even a step further, it needs a way to remediate the concern without manual action.
Tackling Third-Party Risks with Sonrai Security
Sonrai Security is dedicated to providing your business the insight it needs to prevent, detect and remediate unintended access risks internally or through third parties. Outsourcing to third-party experts serves a great purpose in bolstering your business, but don’t let it be what takes you down.
Sonrai Dig provides one platform with a myriad of integrated solutions to monitor your environment, detect misconfigurations and possible risk factors, alert the necessary parties through intelligent workflows, and even remediate pressing vulnerabilities when human action isn’t possible.
Secure your perimeter with Sonrai Dig. Contact Sonrai Security to learn more about securing your Azure environment along with GCP and AWS.
THE ARCHITECT
The Newsletter for Cloud Security Leaders. 1x a month.
Get a Comprehensive Cloud Identity Audit
Request Your AuditSonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.