Who Can Access My Sensitive Data?‍

Originally published at Dig Security.

Written by Sharon Farber.

Data serves as the lifeblood of organizations, fueling insights, driving decision-making, and nurturing customer relationships. However, the challenge lies in effectively managing this valuable asset, particularly when it resides in the cloud. With 39% of businesses having faced a cloud data breach in the last year, organizations are having to face a high probability of an attack against their cloud infrastructure. They have become extremely wary about where their sensitive data is stored, who can access it, and where it flows through. Failures to control this data can lead to a catastrophic breach of sensitive information, costing the organization in fines, reputational damage, and non-compliance. This is compounded by the cost of remediation in labor and loss of productivity.

This blog is the second part of a 3 part series exploring the challenges of managing data in the cloud exploring the difficulties with access visibility.

Understanding Who Has Access

Data access governance (DAG) is crucial in managing and regulating access to an organization’s data assets. Its primary objective is to ensure that only authorized individuals or entities can access, modify, or utilize the data while upholding data integrity, security, and compliance with regulations and policies. DAG involves the implementation of policies, procedures, and technologies that oversee data access, permissions, and privileges throughout the data lifecycle.

Organizations often face the challenge of sensitive data finding its way into cloud storage due to the ease of development and rapid prototyping. This can occur when data is planned for storage in the cloud or when it is used as samples for testing without proper controls. Such situations create risks and increase the potential for data exposure.

More than 35% of principals have some privilege to sensitive data assets

No matter how data makes its way to the cloud, there are crucial steps to take to determine overall risk. The first step in this process is to discover and classify all of the data, identifying the data’s composition and structure on a fine-grained level, as cloud storage can contain many data types. This information can range from personally identifiable information (PII) or financial data to sensitive internal documents such as intellectual property and business secrets.

Determining whether the data is sensitive or non-sensitive and whether it falls under the purview of internal governance, compliance mandates, or legal requirements is essential to setting the proper security controls.

Admin vs. Consumers

When it comes to sensitive assets, there are distinct permissions for consumers and administrators. Consumer permissions enable a principal to read and write data, allowing them to interact with the asset without making configuration changes. On the other hand, admin permissions grant a principal the ability to modify the asset’s configuration, such as making it public or granting direct access permissions to external accounts.

95% of principals with management or consumer permissions are granted them through excessive privilege

However, it’s essential to be cautious with admin permissions, as they can potentially expose sensitive information. For instance, a principal with admin privileges might unintentionally grant direct access permissions to remote accounts, inadvertently providing unauthorized individuals with access to the data. Another risk is the accidental exposure of the data to the public, potentially compromising its confidentiality.

‍Separation of Duties

Separation of Duties (SoD) is critical in maintaining organizational security. It refers to dividing key responsibilities and privileges among individuals to prevent a single person from having complete control or access to sensitive systems or data. SoD is essential because it helps to minimize the risk of internal fraud, errors, and unauthorized activities.

When SoD is violated, it can lead to significant security risks for an organization. For instance, if a single individual possesses administrative and consumer privileges across various applications and systems, ensuring proper checks and balances becomes difficult. This creates a situation where the same person has the power to modify configurations, grant access, and manipulate data while also having the ability to directly interact with and potentially exploit the same resources.

Such a violation of SoD increases the likelihood of unauthorized actions, intentional or accidental, and raises the risk of data breaches, fraud, or other malicious activities. Additionally, it can challenge compliance with regulatory requirements, as SoD is often a mandated control measure to ensure accountability and prevent conflicts of interest.

Excessive Permissions on Sensitive Assets

Excessive permissions on sensitive assets are a dangerous practice that should be avoided. While sometimes granted to expedite development or streamline management processes, they can result in misuse or data loss. When individuals or entities have more permissions than necessary, the risk of unauthorized access, accidental alterations, or intentional misuse of sensitive data significantly increases, leading to security breaches, data leaks, or even loss of critical information.

‍

Access to Managed Databases

Access mismanagement in databases is a common area where organizations often encounter issues. Specifically, the problem arises when administrators are granted extensive permissions, including unnecessary access to the contents of the databases they manage. Granting such extensive permissions can lead to data disclosures and compromises. Administrators may unintentionally or intentionally access sensitive data, posing a significant risk to data confidentiality and integrity.

This issue becomes particularly critical from a compliance perspective, especially in industries subject to regulations like HIPAA or GDPR. These regulations demand strict controls over data access and impose stringent requirements for safeguarding sensitive information. Allowing administrators unnecessary access to data violates the principles of least privilege and separation of duties, potentially resulting in compliance breaches and legal consequences.

Organizations should adopt a more granular approach to access management in managed databases to mitigate this risk. Administrators should only be given the specific permissions necessary to perform their privileged tasks. At the same time, access to the actual data should be limited to authorized personnel who require it for their specific job functions.

Excessive Permissions in Production and Development

Excessive permissions in production and development environments can pose significant data security and integrity risks. While organizations prioritize locking down production environments, they often create development environments that closely mirror the production setup. In these cases, excessive permissions granted in development expose sensitive data to administrators and developers who may not require such extensive access.

In development environments, virtually all administrators have access to sensitive information in storage

Development permissions are often handled more loosely to expedite development, leading to potential security vulnerabilities. However, it is crucial to treat development environments with the same level of caution as production environments and follow best practices consistently in both locations. Permissions should be explicitly defined and limited to only what administrators and developers need to fulfill their specific tasks.