Companies like Amazon, Google and Microsoft are revolutionizing the way that organizations store data by providing cost-effective cloud storage solutions. Cloud storage allows customers to rent storage servers which reduces cost by not having to purchase and maintain physical servers of their own. The issue is that the cloud servers still depend on the renting agency to monitor and secure their data. Some IT managers leave the default settings on–thinking that this would be sufficient for their security settings. Many times, the default settings do not include password protection to the data, only the settings configuration. This leaves the data exposed to anyone who knows where to look. This year alone has seen the demographics of over 80 million US households, the expected salaries of over a million job seekers and thousands of Facebook passwords revealed through misconfigured servers. Attackers with minimal skill have been able to find this information, copy it, and sell it for significant profits.
When organizations set up cloud services, it is recommended to contact the hosting company and consult with them on how to best secure that database. Normally, these companies have entire teams dedicated to help secure and protect a customer’s data. It is also wise to perform routine security audits and to use ethical hacking services, such as TrustedSec, that can find security flaws and provide reports on how to correct these flaws.
To read more: https://www.cnet.com/news/exposed-databases-are-as-bad-as-data-breaches-and-theyre-not-going-anywhere/