Multi-Cloud Blog

Misconfigured Elasticsearch Server Exposes GB of Customer Data

Rick Bosworth
2 minute read
Rick Bosworth

Cloud security posture management is difficult, the headlines prove this out again and again. The cloud is secure, but the enterprise fails to use it securely. Cloud security exposures on AWS, Azure, and Google Cloud can, and do, happen to anyone. It just happened to Rubrik, an IT security and cloud data management unicorn valued at north of $3 billion.

A developer error resulted in a misconfigured AWS Elasticsearch server containing tens of GB of data including customer names, contact details, and case details for customer support. Such leakage undermines trust and erodes brand. Interestingly, this was an engineering sandbox account, not even a production environment. A default setting on the Elasticsearch server was not changed. To err is human. And this is precisely the point.

The cloud changes faster than humans can keep pace. A legion of developers, using hundreds of cloud services, continuously updated as they race on the hamster wheel of innovation. Human error is inevitable. Companies need an automated means of securing their cloud footprint, so that cloud security is as agile as their developers. State-of-the-art security tools and methods enhance, not impair, agility. Automation increases consistency, eliminates human error, and minimizes the window of vulnerability. This exposure potentially dates to October 2018 and includes data of European businesses, raising the prospect of stiff penalties of up to 4% of annual revenue under the GDPR data protection regulations.

BMC Helix Cloud Security could have easily found and fixed the root cause of this exposure. It automates security checks and remediation – no scripting required! – to consistently and securely configure the cloud resources your business uses on AWS, Azure, and Google Cloud. Don’t take my word for it. Check it out yourself. Take the free 14-day trial, check your cloud security posture, and start plugging gaps within 5 minutes of getting started.

BMC Helix Cloud Security

BMC Helix Cloud Security is an automated SaaS security and compliance solution with built-in remediation for cloud service configurations and container security.
Learn More › Free Trial ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

Run and Reinvent Your Business with BMC

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Rick Bosworth

Rick Bosworth

Rick Bosworth is a Director of Marketing at BMC Software, developing marketing, content, and growth strategies for IT security solutions, with special emphasis on public cloud. Rick has over 15 years of global product marketing and product management experience, defining and launching high tech B2B solutions. A lifelong learner, Rick earned an MBA from The University of Texas at Austin and a BSEE from Texas A&M University. He enjoys travel, adventurous dining, and endurance athletics, especially triathlon.