Trusting the cloud: The dangers of unencrypted data upload

clock • 2 min read

Moving to the cloud doesn't mean outsourcing your entire security infrastructure, argues Max Heinemeyer of Darktrace

alt=''

More than nine in 10 organisations are expected to adopt the hybrid cloud by 2020. While this transition is undeniably beneficial for most businesses - from start-ups to existing multi-national firms - it also brings with it its own risks.

Alongside the growth in cloud adoption, the challenge of securing critical data has taken on a new dimension. As internal servers are so commonly affected by malware infections or insider threats, there exists a common misconception that the data stored within the cloud is somehow more secure than the data resting on company fileservers. However, this is not necessarily the case - the information stored on cloud infrastructure may be just as (un)safe as any other corporate data store.

Much of this risk comes from the misconception of the network position of cloud servers themselves. Although rented out for use by the company and used every day as part of fundamental business purposes, connections to cloud servers (if not facilitated by a VPN or other strong encrypted channels) cross the perimeter of the network and traverse the public internet. This means that data uploaded to and from the cloud is a prime target for man-in-the-middle attacks, carried out by opportunistic actors hoping to sniff usernames, passwords, and other sensitive details that they could then leverage for direct corporate data theft.

The reality is that while organisations can outsource their IT services, they cannot outsource their security function altogether. In fact, protecting the cloud comes with its own challenges, with most of the existing native security controls and third-party security solutions suffering from significant limitations.

Visibility is crucial - before and during investment

A City Government in the USA had outsourced the storage of SQL databases to a cloud storage provider. However, it had not interrogated the protocols that the server employed by default to upload and download information. Addresses, phone numbers, vehicle registration plate numbers: the city government was uploading it all to the external database via unencrypted connections.

This highly sensitive data was intended for limited access by select employees within the city government, but the security oversight had made the data available to any attacker clued-up enough to park themselves on the perimeter of the network and collect the data-rich MySQL packets that came their way.

Darktrace Cloud detected an unusual SQL connection to a rare external IP from a desktop device within the company. This communication was verified as being SQL-related via packet capture, which then revealed the sensitive public data.

The customer was unaware of this vulnerability, which remained under the radar of its entire security stack. An attacker could easily exploit it to gather material for spear phishing attacks or potentially even identity fraud.

In order to lower risk and identify atypical or suspicious behavior, full visibility of all cloud services is critical, as hosting data on external servers can create dangerous blind spots and introduce subtle threats that circumvent traditional signature-based tools.

You may also like
Encryption backdoors violate human rights, says EU court

Privacy

Implications for EU's own efforts to regulate encryption

clock 16 February 2024 • 3 min read
'You have to encrypt everything': Public sector security in the zero-trust age

Public Sector

Years of high-profile breaches have spurred movement – at least overseas

clock 18 December 2023 • 3 min read
Apple could pull FaceTime and iMessage from UK over surveillance

Privacy

Apple threatens to withdraw services if proposed changes to the Investigatory Powers Act are implemented

clock 21 July 2023 • 3 min read
Most read
01

Intel splits in two, signs deal with Microsoft

22 February 2024 • 7 min read
03

Cambridge University hit by DDoS attack

20 February 2024 • 1 min read
04

Gemma: Google unveils open AI models

22 February 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security Technology

UK's biometrics commissioners steps down, signalling missteps

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read
Endpoint is the path of least resistance, says Threatlocker

Endpoint is the path of least resistance, says Threatlocker

IT Leaders Summit debates the true purpose of endpoint security.

Penny Horwood
clock 05 October 2023 • 2 min read
GitHub announces passwordless authentication trial

GitHub announces passwordless authentication trial

The trial can be considered a milestone in the long demise of passwords

Penny Horwood
clock 13 July 2023 • 2 min read