Cloud security posture management is difficult, the headlines prove this out again and again. The cloud is secure, but the enterprise fails to use it securely. Cloud security exposures on AWS, Azure, and Google Cloud can, and do, happen to anyone. It just happened to Rubrik, an IT security and cloud data management unicorn valued at north of $3 billion.
A developer error resulted in a misconfigured AWS Elasticsearch server containing tens of GB of data including customer names, contact details, and case details for customer support. Such leakage undermines trust and erodes brand. Interestingly, this was an engineering sandbox account, not even a production environment. A default setting on the Elasticsearch server was not changed. To err is human. And this is precisely the point.
The cloud changes faster than humans can keep pace. A legion of developers, using hundreds of cloud services, continuously updated as they race on the hamster wheel of innovation. Human error is inevitable. Companies need an automated means of securing their cloud footprint, so that cloud security is as agile as their developers. State-of-the-art security tools and methods enhance, not impair, agility. Automation increases consistency, eliminates human error, and minimizes the window of vulnerability. This exposure potentially dates to October 2018 and includes data of European businesses, raising the prospect of stiff penalties of up to 4% of annual revenue under the GDPR data protection regulations.
BMC Helix Cloud Security could have easily found and fixed the root cause of this exposure. It automates security checks and remediation – no scripting required! – to consistently and securely configure the cloud resources your business uses on AWS, Azure, and Google Cloud. Don’t take my word for it. Check it out yourself. Take the free 14-day trial, check your cloud security posture, and start plugging gaps within 5 minutes of getting started.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.
See an error or have a suggestion? Please let us know by emailing firstname.lastname@example.org.