CloudSOC CASB Gateway

The problem is not specific to a single cloud app provider but can occur when using any file sharing app. Whether an exposure happens to just a handful of documents or millions, the damage can be severe. the exposure of sensitive documents regardless of where it's stored is has to be one of the primary data security threats that companys face. Robust processes and procedures are a must. Security is missing from the cloud for many companies out there. When it comes to the importance of Cloud security, there are no two ways about it.With so many recent breaches and technological attacks, maintaining security has become all the more important.

This will always be an issue unless encreption is implimented, I have heard of targeted attacks from friends of this very nature. Alarming but steps can be taken to help reduce the risk.

I agree with many of the previous comments, as the cloud becomes more pervasive in our infrastructure, this sort of security breech will be more common. As pointed out in the article, invoices are usually something a non-IT employee may store in the cloud without further thought. However, the liability of having non-secured financial documents makes security such as Symantec's critical.

I think most of the comments here focus on file sharing sites and that wasn't the problem.  It was misconfigured AWS Storage, not a Dropbox or a OneDrive issue.  So I think the difference here is what type of storage you are using.  If it was a Dropbox or a OneDrive or Google Drive issue then things would be much bigger of a deal and a bigger problem.  It is just a misconfigured AWS site which is a big problem.

Anyways be care ful setting up your AWS storage

This is very worrysome! Does the cloud provider take responsibility if there is a document data breach or do they blame the company for not securing the documents? Securing the documents as in obscuring confidential info or just all together encrypting the document. This could very well turn into a long list of blame game while the affected companies stands by. 

I think a lot of cloud based technology seems to be aimed at individuals rather than businesses so these tools either need to get simpler/more transparent in the security options you are setting OR companies need to ban the use of products that haven't been approved/test at least for storing sensitive data. Most of this stuff should be common sense really

Understanding what the cloud really is and the types of information that can be stored in the cloud is an important first step to securing your organization’s cloud presence. 

Cloud storage can be a safe way to store large amounts of data, as long as you’re aware of what to look for when it comes to security. 

When it comes to the importance of Cloud security, there are no two ways about it.

With so many recent breaches and technological attacks, maintaining security has become all the more important.

This article describes the risk immensely. Hope we all learn from this wonderful example.

Regards,

The article made me start thinking of the mobile device in my pocket, almost everyone has the smart device, we save photos, emails, payment, invoices on the device, but not everyone know a lot of their data are automatically restored in the mobile carrier's cloud or a third party cloud space, not all cloud spaces are securely protected. Nice to see that Symanec has thought and method to guard the information.     

Way to go Symantec, nice find! As always you're showing us why we need cloud security more than ever. It's hard to believe that people are still putting information out there without restricting privledges.

The problem here is that so many users of technology with cloud capabilities do not know how to correctly secure their data and therefore leave it exposed for anyone to peruse. This actually happened to a member of my family where a medical assessment was found "on the internet" for anyone to see. When contacted, the company had no idea at all how this had happened, and therefore no idea at all as to how to remove the document from the internet.  We need stronger protection worldwide that would force companies to remove such data or face an enormous fine equal to say half annual turnover. This would focus the attention of negligent companies and hopefully protect personal information that is going to be stored in the cloud increasingly in the future.

Good article and nice catch @Symantec!

I don't know who this company is, but I feel terrible for them...The lack of proper Cloud security and valuable knowledgable engineers are really the cause of issues like this.  There needs to be bigger/better initiatives for all companies to get better engineers and increase security measures...

This blog highlights the need for experience AWS/cloud security engineers. The potential damage a company can face due to data leakage is the exact reason why individuals need training and procedures need to be in place. I know my company has a dedicated team for dealing with the cloud infrastructure, this includes someone dedicated to security.

So it seems to me that two things need to happen.  1) people that set up these document storage / sharing services for their companies need to know what they are doing!  Sounds obvious but clearly there are training needs here if these mistakes keep happening. And 2) the interfaces and the underlying code need to get simpler, more intuitive and smarter.  It needs to be more difficult to make cockups like this and it needs to be able to warn and prompt stakeholders of the information a list of who, or what types of users, have access.

Interesting article about Cloud. It is a great lesson for everyone, security is not an option. It is really important to evaluate every time how data are managed and especially how is safe all sensitive information stored on the cloud.

Nice to read the following sentences :"The exposure of sensitive or compliance related documents in the cloud has become one of the primary data security threats that organizations face today. Leakage of these documents, intentional or otherwise, can be potentially disastrous for an organization and result in compliance fines, mitigation costs, and loss of customer trust. The problem is not specific to a single cloud app provider but can occur when using any file sharing app."

Thank you for sharing this article.

Security is missing from the cloud for many companies out there. It's about convenience and accessibility for them. I'm not sure that they fully understand the repercussions should their "protected" data get out but it seems it's a chance they're willing to take for sake of ease of use.

If you're going to store anything sensitive in the cloud you must first check it's robust and secure. Good article, certainly highlights the risks!

Always going to be an element of risk storing business sensitive documents off site. You certainly seem to loose an element of control adn put truct in your hosting provider. Interesting article, thanks.

I agree, the exposure of sensitive documents regardless of where it's stored is has to be one of the primary data security threats that companys face. Robust processes and procedures are a must. Thanks for the read.

As these platforms become more and more accessible, I can only see cases like this becoming all the more common. While the kind of cloud security systems that the blog mentions are a great way to control this, I would expect (hope?) that hosting companies like Amazon will eventually produce a more tailored product for this kind of use. It's secure at an infrastructure level but that doesn't prevent the user from using it incorrectly

Whoever set up the services on the 'Cloud' must always ensure they are secure before putting any data on them, and always test the settings, permissions, etc regularly.

You can't just do an 'set it up & forget' - this will not work at all. If it's left open, anyone can find it. And abuse it. Even blackmail!