As has been widely reported, Verizon is the latest enterprise to be hit with a large-scale data breach. Over 14 million customer records were left exposed due to a misconfiguration in Verizon’s Amazon Web Services (AWS) instance. Among the leaked information were logs containing customer names, cell phone numbers, and account PINs. Had this data fallen into the hands of hackers, even the most security conscious users – those with two-step authentication enabled – could have been bypassed, allowing hackers to hijack a customer's account and phone number.
While AWS provides a great deal of built-in security from an infrastructure and application standpoint, the smallest misstep in a security configuration can compromise important data. For data-at-rest in AWS, encryption and contextual access controls are invaluable.
One way to limit exposure in a large-scale data breach is to encrypt all your data at rest in repositories like Amazon S3. Cloud encryption provides an additional layer of security and a dual system of control for IT administrators. Full-strength encryption that doesn't impede on application functionality where your organization controls the keys can be invaluable in protecting fields or files in all your sanctioned cloud apps.
Contextual access controls are key in ensuring that data doesn’t fall into the wrong hands. These controls can be used to limit data access to relevant functions within an organization or to individual users. Controlling access based on the sensitivity of data in any application coupled with access controls can be incredibly effective if that decrypted data is only accessible to a select few.
In the event of a breach where data is being exfiltrated, user and entity behavior analytics (UEBA) can also identify suspicious behavior or malicious/anomalous activity. These real-time security protocols can limit or block access to data based on how credentials are being used.
Consistent security requires a dedicated cloud security platform with a neutral approach that allows admins to configure policies across multiple apps for total data protection.