How to Avoid the AWS Configuration Mistake FedEx Made that Exposed Confidential Customer Data to Hackers

BY:

Could your organization fall victim to the same AWS configuration that plagued FedEx this year?

As more and more companies move their IT infrastructure to the cloud, there’s bound to be a few missteps. Many of these missteps have been catastrophic, but few have been dissected as much as a recent FedEx data breach that exposed confidential customer data. Read on as we dig into this data breach and help you understand why it happened and how your company can steer clear of the AWS configuration mistakes that caused this issue in the first place.

FedEx data breach explained

Earlier this year, it was revealed that a company FedEx acquired back in 2014, left customer data sitting on an unencrypted S3 instance. This exposed data consisted of more than 100,000 scanned documents with everything from drivers licenses to passports. FedEx has maintained that while the data was exposed, they do not have any indication that it has been exploited as of yet.

What can we learn from this FedEx data breach?

This data breach shows that companies have to be extremely careful when storing any type of information in the cloud. Not only does this relate to corporate data, but any acquisitions that occur must be scrutinized to ensure that everyone is aware of the intricate details of any

cloud-based initiatives that exist on the part of the company that is being acquired.

Cloud instances are becoming almost too easy to create, which can cause a scenario where a lone developer is simply testing a new feature and decides to spin up a new instance and load up some dummy data. The problem with this approach is that too often these side projects end up being created, left, and never touched again without any security protocols being in place for confidential data that’s residing in the cloud.

Companies need to be hyper vigilant when it comes to cloud security. Many companies seem to have the opinion that because they’re moving resources to the cloud with major players like Amazon, Microsoft, or Google, somehow their security concerns are no more. This is absolutely untrue. Companies need to remember that cloud providers such as AWS, Azure, and Google Cloud are only providing the infrastructure for you to host your own data. While these providers do offer some additional security safeguards, these must be configured, and are not enabled by default when a new instance is spun up in the cloud. In the same way that you’re extremely cognizant of the security surrounding your in-house corporate network, you should stay laser focused on maintaining the security of any public cloud infrastructure as well.

Do you have any vulnerabilities in the cloud?

Do you fear that your team has been a bit lackadaisical when it comes to configuring your cloud infrastructure? If so, it’s critical that you bring in a team of cloud experts to take an inventory of all your cloud resources and how secure they really are. Even if you’ve been able to fly under the radar and not experience any type of data breach, your days could be numbered.

If you’d like to have a cloud assessment to identify any of your company’s vulnerabilities related to cloud security, reach out to CloudHesive today by phone at 800-860-2040 or through our online contact form.

Related Blogs

  • AI-Driven Customer Service Chatbots: Enhancing Customer Experience & Business Efficiency

    What’s All the Fuss about AI-Driven Customer Service Chatbots? Using AI technology, customers can interact with chatbots via phone, email, text, or social media. AI-driven chatbots offer answers to...

    Learn More
  • Elevating Customer Experiences: Unleashing AWS Conversational AI in Contact Centers

    Learn what Conversational AI is and how you can benefit from it. Traditional first-tier customer service support has moved to AI. Why? Because AI offers conversational interfaces that act and...

    Learn More
  • Artificial Intelligence and Multi-Channel Contact Centers: The Future of Customer Service

    AI Innovation and Multichannel Contact Centers  Multi-channel contact centers offer better service by allowing customers to choose their communication preferences. Customers are no longer forced to...

    Learn More