Fifty-seven thousand student records found themselves at the center of a Microsoft Azure misconfiguration breach this week. MyEasyDocs is an online documents verification platform that specializes in verifying banking, colleges, government and law related documents – not exactly the type of content you want publicly accessible. Yet, that was the case here. The student information was hosted in Microsoft Azure that did not require sufficient authentication to access it, leaving the crown-jewel data exposed. Anyone with even elementary knowledge around unsecured databases could access the 30.5GB of student information.
IT security researchers at vpnMentor found the misconfigured resource and informed the Israeli CERT and MyEasyDocs. The server was then able to be secured. It is reported that the Microsoft Azure database hosted student grades, full names, majors, phone numbers, email addresses, graduation dates and national IDs.
These sort of easily preventable and basic-misconfiguration breaches are frequent. Solutions exist today aimed at alerting organizations of misconfigurations like publicly exposed data, the lack of proper authentication or logging and encryption not being enabled – yet, these breaches hit the headlines day after day. This leaves us to assume it must be a lack of awareness and education into how to prevent these mistakes, or an assumption that it doesn’t matter or perhaps an organization doesn’t think it could happen to them.
A 2022 Thales Cloud Security Report found that 45% of businesses have experienced a cloud-based data breach or failed audit in the past year. While we can’t deduce how many of those were simple misconfigurations, anecdotally we see it being a frequent culprit.
According to new Forrester research from Identity Controls Are Central To Enterprise Plans For Cloud Security report, an astounding 98% of decision makers report that they are facing CIG/CIEM-adjacent security challenges. Some of which lead to data breaches. Thes study notes legacy tools that cannot integrate well, or at all, in the public cloud environment as a common theme. Organizations today tack on tool after tool to secure their cloud, yet continue to face major security incidents.
What can prevent Azure Misconfigurations?
A few solutions come to mind, the first being Cloud Security Posture Management. CSPM refers to a class of tools that identify misconfigurations in the cloud, and assist with their remediation, to reduce the overall risk in your cloud environment. Standard static snapshots of cloud security posture often miss ephemeral infrastructure that’s out of compliance between polling based scans without security teams ever even knowing it. CSPM provides enterprises with continuous monitoring and automation to deploy and enforce policies with precision to prevent misconfiguration and risk.
Simply put, CSPM can give you a full picture of your inventory and enable you to set your security baseline. Advanced CSPM solutions will continuously monitor and detect deviations from your baseline as well as on any irregular behavior taking place within your environment. Common, and often devastating misconfigurations include data being directly exposed to the internet, audit not being enabled, or a lack of encryption.
Additional and critical features of an advanced CSPM are intelligent workflows and automation. Once risks are identified, the next step is to alert the organization. A strong cloud security solution with intelligent workflows sends the alerts to the teams who created the risk and are thus responsible for remediating it. This enables reduced responses times and increased accuracy with fewer false alerts.
Protocols and contingencies need to be put in place to safeguard the data in the event of an accident occurring. Common accidents are backing up data and restoring it, forgetting to password protect the new data set, and unfortunately, accidentally leaking a private database to the public internet. These all factor into the realm of human error and human error, while unstoppable, can be mitigated.
Strong data security should be a top priority for any organization. Cloud DLP tools will allow you to know where your data is, know who can access it, and know it’s locked down. Having a better understanding of the full picture around your most sensitive data helps to detect this sort of easy access, like a public Azure database.
Monitoring access of authorized and unauthorized identities, educating employees, and following careful procedures when working in the cloud, and procuring proper services and tools, like CSPM and CDLP, are all steps that can be taken to reduce the risk of a data breach.
Learn more about this Azure misconfiguration data breach get the full report from VPNMentor.