Research by RedLock has revealed 82% of public cloud databases are unencrypted, leaving them open to data theft. A third of public databases are also completely open to the internet, allowing hackers to gain access much more easily than private clouds, yet 40% of organisations using the environments leave their storage resources exposed to the public.
The recent MongoDB ransomware attack shows just how severe the issue is. Back in January, it was revealed by GDI Foundation security researcher Victor Gevers that hackers were exploiting databases that weren't set up correctly, and holding them to ransom.
RedLock's research supported these findings, discovering up to 4.8 million publicly available records holding sensitive data such as confidential health information and "personally identifiable information" that could be used by criminals to break into other services.
Unencrypted databases are a major issue, the company explained in its report, but there are other factors that leave public cloud databases open to attack, including businesses allowing employees access to sensitive applications, lack of user access controls being implemented and lack of security expertise in the developer team.
"Public cloud computing environments are incredibly dynamic—our research shows that the average lifespan of a cloud resource is only 127 minutes—and traditional security strategies can’t keep pace," said Gaurav Kumar, CTO of RedLock and head of the CSI team.
"Our report, which analyzed over one million cloud resources and twelve petabytes of network traffic, unmistakably shows the need for solutions that help manage security and compliance risks with ease, speed, and automation."
