December Cloud Security Roundup
- Ariella Mankowitz
- 3 minute read
Missed the hottest cloud news of the month? Don’t worry we’ve got you covered in this month’s cloud roundup.
This month we focused on data leaks, protection and all things encryption, along with what technological trends to expect for 2021.
Save time and check out our summaries below.
Title: Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
Writer: Tara Seals
Summary: Prestige Software, who is based in Madrid and Barcelona, sells a channel management software called Cloud Hospitality. This software automates reservations for a number of hotel booking sites like Expedia and Booking.com. It has been uncovered that this hotel reservation platform has been exposing over 10 million individual log files in total, dating all the way back to 2013. The leaked information Includes PII, reservation details, payment costs and more. Prestige Software was storing all of its hospitality’s data on Amazon Web Service, and it is reported that the reason for this leak was due to a misconfigured AWS S3 bucket. Given the sensitive data leaked Prestige Software is now required to take heavy steps to remedy this breach and ensure that there are no more vulnerabilities in their systems.
What Our Experts Had to Say About This: Over the past two years 33.4 billion records have been exposed due to cloud misconfigurations and 51% of organizations reported data loss as the main loss. Modern cloud architectures should assume data breach. When data is stored encrypted at all times (at-rest, in-transit, in-use), the risk of data breach is significantly reduced. In a world where all customer PII is protected at all times, similar attacks on data become moot. Companies need to be putting structures in place, in order to circumvent the costly and timely effects of these errors.
Title: Gartner Identifies the Top Strategic Technology Trends for 2021
Summary: At the Gartner IT Symposium/Xpo 2020, Gartner identified the top strategic technology trends for 2021, with the idea that organizations need to drive their initiative with focus on three key themes: people centricity, location independence and resilient delivery. Gartner believes that these elements encompass the dynamic shift from a world responding to Covid19 to an environment of growth and prosperity. The top trends listed include; internet of behaviors, Privacy-enhancing Computation; Distributed Cloud, Anywhere Operations; Cybersecurity Mesh, among others. Organizations need to maintain an element of fluidity and operational adaptability in order to recover from the year and leap into new technological capabilities.
What Our Experts Had to Say About This: We at Kindite pay close attention to the ‘privacy preserving computation’ technologies that surface in the market. Included in that is Homomorphic Encryption and while it comes in many forms, those of which you can learn about in our blog, it essentially permits encrypted data to now be used for computations without decrypting it. Cloud service providers, like Azure, are now also offering a hardware-based Trusted Execution Environment (TEE) which protects data-in-use by isolating computations to the TEE Environment.
Title: Best Practices: Cloud Data Encryption
Writer: Andras Cser with Merritt Maxim, Benjamin Corey, Peggy Dostie
Summary: With contributions from various leading vendors in the cybersecurity arena, Kindite included, Forrester discusses the importance of implementing Cloud Data Encryption when migrating data to the cloud. The first key takeaway is that organizations cannot begin implementing data migration to the cloud without Cloud Data Encryption, reducing the threat surface and complying with regulatory requirements. Gartner further explores a number of architectural options for encryption key management including storing keys separately from the cloud in dedicated hardware, sometimes software, ensuring that even if data is leaked, no plain-text is revealed. Lastly, Gartner discusses the various best practices when integrating a CDE into an application with minimal impact on end-user experience. These practices include; scaling down your sensitive data, rotating keys as needed and ensuring that encryption keys are always kept separate from the encrypted data.
What Our Experts Had to Say About This: Data exists between complex hybrid and multi-cloud infrastructures and what is clear is there is no solution that fits all. A data protection stack needs to comprise integration and deployment flexibility given the differences between environments. What is clear is that Cloud Data Protection is vital when migrating data to the cloud. Not only to protect an organization’s sensitive data but also to ensure compliance with regulatory requirements. To learn more about successful cloud data protection check out our blog post.