Amazingly, yet another data breach due to misconfigured Amazon S3 buckets has hit the news this week. This one exposing the personal information of 123 million individuals! The company in question, Alteryx, is a data analytics firm -- an organization that should know full well the value of data and how important it is to protect that data.
Unfortunately, like their counterparts at Verizon, the Republican National Committee, Uber and even the WWE, Alteryx joins the ranks of companies who, for the foreseeable future, will see this when people Google their name:
Next-Gen CASBs like Bitglass provide a comprehensive security platform for both SaaS applications and IaaS platforms. In this case, several basic capabilities could have prevented all of these breaches.
First, encryption, the killer feature for cloud security, ensures that even if human error does result in misconfiguration, the stolen data is nothing but unusable ciphertext.
Second, identity and access control capabilities act as a gatekeeper, ensuring that only legitimate users are accessing sensitive data stores like this. Step-up multifactor authentication (though users with access to hundreds of millions of records should always be forced to use MFA), device and location policies, and more, ensure that even if credentials are compromised, data remains secure.
Finally, Next-Gen CASBs have API access into major cloud applications, like AWS, which can help reduce the human factor that results in misconfigurations like this. This API access helps to identify and stop bad policies and misconfigurations (such as exposed S3 buckets).
On my wishlist this Christmas? For every AWS administrator to spend 5 minutes checking permissions for their S3 buckets and for them to spend another 5 minutes checking out Bitglass.