An Azure Blob Data Breach
Just a few days ago, the British Council experienced a high-magnitude Microsoft Azure blob data breach compromising hundreds of thousands of student files. These files contained personal student information such as names, emails, and enrolment details, as well as login credentials, and were ultimately exposed publicly online. The culprit: an unsecured blob repository.
It was a cybersecurity firm, Clario, that discovered the data breach. Afterward, the British Council acted immediately to remediate the situation. It is unknown just how long this information was publicly exposed – a concerning reality.
How could this have happened? Well, it is a familiar story, one that we hear far too often. The British Council used Azure storage; specifically, this student data was stored in a blob repository. It is reported that this blob required no authentication to access, making it an easy target. It is exactly this type of extremely preventable misconfiguration that becomes the Achilles heel of organizations today.
So How Can You Prevent an Azure Data Breach?
Solutions exist today aimed at preventing this exact incident – specifically, a mature Cloud Security Posture Management (CSPM) solution. Microsoft Azure does a fantastic job of providing a secure platform for your business to thrive on, but once you migrate to the cloud, your environment is your responsibility. Integrating a CSPM tool to monitor your Azure environment ensures it is secure at the most foundational level. It does so by constantly comparing your environment to a baseline of appropriate configurations and behavior, looking for deviation. The moment a deviation is detected, such as a public-facing Microsoft Azure blob, the tool flags the issue.
A few things to note: a lot of vendors today provide CSPM solutions that include this monitoring and detection, but next-generation tools take things a step further. Let’s say there is a misconfiguration, like student PII that can be accessed without authentication, and your CSPM tool detects it and issues a ticket to your security team. This ticket will sit at the back of a queue of other security concerns, or the alert can get lost in the sea of notifications the modern security team receives. Or maybe there’s a specific team responsible for tackling the issue, but this alert goes to a general queue. What if it’s Friday evening and your employees are signing off for the weekend?
In this case, your organization needs an efficient way for the responsible team to receive the alert, and that team needs context in order to recognize that this specific alert, among so many others, is a pressing concern deserving immediate attention. Going a step further, the organization needs a way to remediate the concern without manual action.
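The baseline comparison and routing described above, sketched as an added example (not Sonrai Dig's code or anything from the original post): it audits a constructed storage inventory for containers that allow anonymous reads and routes each finding to an owner. The `owner` and `public-approved` tags and the `security-triage` queue are assumptions made for illustration.

```python
import json

# Constructed inventory (not real data), using the ARM property names
# allowBlobPublicAccess (account) and publicAccess (container).
INVENTORY = json.loads("""[
 {"name": "studentfiles", "allowBlobPublicAccess": true,
  "tags": {"owner": "platform-team"},
  "containers": [{"name": "enrolment", "publicAccess": "Container"},
                 {"name": "logs", "publicAccess": "None"}]},
 {"name": "marketingcdn", "allowBlobPublicAccess": true,
  "tags": {"owner": "web-team", "public-approved": "true"},
  "containers": [{"name": "assets", "publicAccess": "Blob"}]},
 {"name": "hrarchive", "allowBlobPublicAccess": false, "tags": {},
  "containers": [{"name": "records", "publicAccess": "Blob"}]},
 {"name": "legacyshare", "tags": null,
  "containers": [{"name": "exports", "publicAccess": "Blob"}]}
]""")

# Anonymous access levels and the severity this example assigns to each.
SEVERITY = {"container": "critical",  # anyone can list and read every blob
            "blob": "high"}           # anyone with a blob URL can read it

def audit(inventory, default_queue="security-triage"):
    """Return one finding per container that deviates from the baseline
    'no anonymous read access unless explicitly approved'."""
    findings = []
    for acct in inventory:
        tags = acct.get("tags") or {}
        # The account-level switch overrides container settings when false.
        # A missing value is treated as permissive (conservative assumption).
        if acct.get("allowBlobPublicAccess") is False:
            continue
        if tags.get("public-approved") == "true":  # hypothetical exception tag
            continue
        for c in acct.get("containers") or []:
            level = (c.get("publicAccess") or "None").lower()
            if level in SEVERITY:
                findings.append({
                    "resource": f'{acct["name"]}/{c["name"]}',
                    "access": level,
                    "severity": SEVERITY[level],
                    # Route to the owning team; untagged goes to triage.
                    "route_to": tags.get("owner", default_queue),
                })
    # Most severe first so the exposed data store is not buried in the queue.
    return sorted(findings, key=lambda f: f["severity"] != "critical")

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

In a real environment the inventory would come from the storage resource provider rather than an inline string; the account whose switch is `false` is skipped because that setting overrides the container-level value.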
Getting the Right CSPM Solution for Azure Misconfigurations
These capabilities are exactly what Sonrai Dig sets out to provide. With Sonrai Dig’s intelligent CSPM tool, your environment is continuously monitored against a secure baseline of configurations to detect the security concerns lurking around the corner. Once an issue is flagged, Dig’s intelligent workflows will alert the exact team responsible for the concern and close the gaps between security, audit, and DevOps teams. When immediate action is needed, Dig’s smart bots will remediate the concern and eliminate risk. One of Dig’s greatest strengths is its ability to provide context, allowing your team to prioritize a pressing issue like an exposed blob leading to an Azure data breach.
In sum, the right CSPM platform should automate the process of assessing your cloud against hundreds of configuration and security best practices. Your CSPM solution should identify critical risks in your Azure or multi-cloud environment. Checks may include basic policies, like ensuring each account sends its logs to a secure log repository, requiring all admin users to log in with MFA, and making sure no administrative identities are open to the public.
Running a cloud at scale requires you to quickly and reliably identify when your cloud deviates from security policies. With intelligent CSPM solutions, like Sonrai Dig, more complicated best practices can be assessed as well, including looking for excessive account permissions and making sure access to storage blobs only comes from authorized identities.
The British Council example is not unique; in fact, we wrote about a similar incident last week. The key is to spread awareness that this is extremely common, but it actually has an easy solution. Businesses do not realize the risks they hold in the cloud. Take some pressure off your team and rest easier by leveraging security platforms created to hold up your end of the shared responsibility model.
If your organization works with Microsoft Azure, our product integrates seamlessly with the platform. Make sure the public doesn’t find its way into your Azure blob, or AWS S3 bucket and Google Storage for that matter. To see Sonrai Dig in action, request a demo today.