Misconfigurations

Have you ever wanted to live on a cloud? The reality is that today many of us do. Most aspects of our lives are available for collection, display, and analysis in systems that do not physically belong to us: they are “the cloud”. Gmail, YouTube, TikTok, Snapchat, Facebook, and even retailers like Amazon and Walmart all house and use data about each and every one of us. Businesses, like individuals, also live in the cloud. The ability to offload computing resources to a trusted cloud partner has reduced capital expenditures and maintenance overheads for companies worldwide. There is also an assumption that cloud security prowess is automatically transferred to the subscriber’s systems when they migrate to the cloud. This can be true, but BUYER BEWARE: no system is truly hands-off when it comes to security. The reality is that all systems, cloud or otherwise, need to be configured properly to ensure security risks are eliminated.

Billie is a cloud architect for a small independent financial investment firm. The firm has decided that, to ensure they are as secure as possible, they are going to migrate 100% of their operations into a top-tier cloud provider. Billie has done the homework and researched the different options, and she’s confident the vendor she has chosen gives her the right mix of security, availability, and functionality.

Over the course of a year, she and her team methodically migrate all their legacy infrastructure into the new cloud environment. She replaces their file storage first, then the server infrastructure, testing along the way to ensure a consistent experience for the end users. Finally, she rolls out a new, non-persistent Virtual Desktop Interface architecture. This will ensure all the work any user is doing is done in the cloud and prevent the movement of data to the actual endpoints. When she has finished, she looks at the new architecture, knowing that with the new vendor as the security backbone, her company is now more secure than ever. Later, she will realize how wrong she was.

One morning several months later, Billie is at her desk working from home when her phone rings. It is the HR manager for her company. By his tone of voice, he is obviously very upset, and he proceeds to tell her that he just received a call from the FBI informing him they have had a data breach. All their client banking account information has been found on the dark web and traced back to their systems. How could this happen? The cloud is secure!

Digging in, Billie was able to find a storage bucket in their cloud system that had been misconfigured and left exposed. Bad actors were able to scan the cloud provider’s systems, see the exposed files, and take them. The moral of the story is that using a secure service is not enough.

Billie and her team could have used several different tactics to detect the misconfiguration, primarily proactive system scanning and penetration testing. They could also have prevented it from happening in the first place by having more robust change management and security testing procedures.

CCI Systems Blue Team expert services can help make sure your systems, cloud or otherwise, are secure, configured correctly, and managed consistently, and can help ensure a proper return on your technology investments.