Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Top Threat #8 to Cloud Computing: Accidental Cloud Data Disclosure

Home
Industry Insights
Top Threat #8 to Cloud Computing: Accidental Cloud Data Disclosure

Blog Article Published: 11/13/2022

Written by the CSA Top Threats Working Group.

The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloads, supply chains, and new technologies shifted the cloud security landscape.

This blog summarizes the eighth threat (of eleven) from the report: accidental cloud data disclosure. Learn more about threat #6 here and threat #7 here.

What Leads to Accidental Security Implications?

Although cloud adoption enables growth at a pace never seen before, the complexity of the shift to cloud, with diverse teams and business units, often leads to a lack of security governance and control. Increasing numbers of configurations for cloud resources in different CSPs make misconfigurations more common, and the lack of transparency and adequate network exposure can lead to unintentional data leaks.

Over 55% of companies have at least one database that is currently publicly exposed to the internet. Many of these use weak passwords or don’t require authentication, making them easy targets for attackers who continuously scan the internet looking for exposed databases. To prevent a breach, exposures must be fixed as soon as possible.

Business Impact

The ease of use of the cloud makes it extremely popular. However, this leads to some unfortunate business cost implications:

  • Exposure of databases that contain sensitive customer data, employee information, and product data result in unexpected expenses to forensic teams, customer support, and compensation to affected customers.
  • According to IBM Research in 2021, there are many indirect costs of data breaches. These include in-house investigation and communication, current customer loss, and future customer loss due to company reputation.

What Are the Key Takeaways?

Here are some key takeaways to consider to prevent unintentional data leaks:

  1. Review your PaaS databases, storage, and compute workloads hosting databases.
  2. Choose exposure engines that have full visibility of your cloud environment to identify any routing or network services that allow traffic to be exposed externally.
  3. Reduce access exposure by ensuring that databases implement least-privileged IAM policy, and assignments of this policy are controlled and monitored.

Example

In January 2021, a VIP Games cloud misconfiguration exposed 23 million records of over 60K users containing personal information such as emails, usernames, device details, IP addresses, and more. WizCase researchers found that this data was publicly accessible, and available to anyone without any gated protection. If the data had been viewed by attackers with malicious intent, it could have left users vulnerable to theft, fraud, and scamming.

Learn more about this threat and the other 10 top threats in our Top Threats to Cloud Computing Pandemic Eleven publication.

Top ThreatsIdentity and Access Management

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Level up with Cloud Infrastructure Security Training
Related Articles:
AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders

Published: 04/23/2024

Breach Debrief: The Fake Slackbot

Published: 04/22/2024

Do You Know These 7 Terms About Cyber Threats and Vulnerabilities?

Published: 04/19/2024

Are You Ready for Microsoft Copilot?

Published: 04/19/2024