New 'unknown' data breach shows the danger of multicloud
Data breaches are an ongoing problem that's getting worse given the recent news that a massive unprotected database of unclear ownership was found online, potentially exposing personal data for 80 million U.S. households.
Researchers from vpnMentor found the database has numerous types of information that could contribute to payment fraud or other financial services crime, such as street addresses, age and birth dates, as well as geolocation, reports PCWorld.
It is very unsettling to see so much sensitive data exposed to anyone with a computer and an internet connection. There are several services that continuously scan the internet these days, so it takes very little time for anything unprotected on the internet to be discovered. On a good day, the exposure is detected by a white-hat researcher who alerts the owner. But on other days, threat actors have the advantage since they have access to the same capabilities as the good guys.
This kind of exposure seems to result of a shift to a multicloud that is done by people who do not understand what they have embarked on, or who do not have the tools to perform this journey to the cloud safely. Since the data exposed is hosted on a public cloud provider, I can only guess it is the work of some shadow IT, where a group or individual believed the data was safely stored when it wasn’t.
The journey to multicloud is happening and there is no going back. The risks of not properly securing a multicloud environment are very serious, though, and I strongly recommend every company engages with partners who understand networking, who understand the cloud and who can provide advice and solutions that will make that transition seamless and secure.