Could your organization fall victim to the same AWS configuration that plagued FedEx this year?
As more and more companies move their IT infrastructure to the cloud, there’s bound to be a few missteps. Many of these missteps have been catastrophic, but few have been dissected as much as a recent FedEx data breach that exposed confidential customer data. Read on as we dig into this data breach and help you understand why it happened and how your company can steer clear of the AWS configuration mistakes that caused this issue in the first place.
FedEx data breach explained
Earlier this year, it was revealed that a company FedEx acquired back in 2014, left customer data sitting on an unencrypted S3 instance. This exposed data consisted of more than 100,000 scanned documents with everything from drivers licenses to passports. FedEx has maintained that while the data was exposed, they do not have any indication that it has been exploited as of yet.
What can we learn from this FedEx data breach?
This data breach shows that companies have to be extremely careful when storing any type of information in the cloud. Not only does this relate to corporate data, but any acquisitions that occur must be scrutinized to ensure that everyone is aware of the intricate details of any
cloud-based initiatives that exist on the part of the company that is being acquired.
Cloud instances are becoming almost too easy to create, which can cause a scenario where a lone developer is simply testing a new feature and decides to spin up a new instance and load up some dummy data. The problem with this approach is that too often these side projects end up being created, left, and never touched again without any security protocols being in place for confidential data that’s residing in the cloud.
Companies need to be hyper vigilant when it comes to cloud security. Many companies seem to have the opinion that because they’re moving resources to the cloud with major players like Amazon, Microsoft, or Google, somehow their security concerns are no more. This is absolutely untrue. Companies need to remember that cloud providers such as AWS, Azure, and Google Cloud are only providing the infrastructure for you to host your own data. While these providers do offer some additional security safeguards, these must be configured, and are not enabled by default when a new instance is spun up in the cloud. In the same way that you’re extremely cognizant of the security surrounding your in-house corporate network, you should stay laser focused on maintaining the security of any public cloud infrastructure as well.
Do you have any vulnerabilities in the cloud?
Do you fear that your team has been a bit lackadaisical when it comes to configuring your cloud infrastructure? If so, it’s critical that you bring in a team of cloud experts to take an inventory of all your cloud resources and how secure they really are. Even if you’ve been able to fly under the radar and not experience any type of data breach, your days could be numbered.
If you’d like to have a cloud assessment to identify any of your company’s vulnerabilities related to cloud security, reach out to CloudHesive today by phone at 800-860-2040 or through our online contact form.