The majority of public cloud databases are unencrypted
Issues could leave critical information at risk from hackers
Research by RedLock has revealed 82% of public cloud databases are unencrypted, leaving them open to data theft. A third of public databases are also completely open to the internet, allowing hackers to gain access much more easily than private clouds, yet 40% of organisations using the environments leave their storage resources exposed to the public.
The recent MongoDB ransomware attack shows just how severe the issue is. Back in January, it was revealed by GDI Foundation security researcher Victor Gevers that hackers were exploiting databases that weren't set up correctly, and holding them to ransom.
RedLock's research supported these findings, discovering up to 4.8 million publicly available records holding sensitive data such as confidential health information and "personally identifiable information" that could be used by criminals to break into other services.
Unencrypted databases are a major issue, the company explained in its report, but there are other factors that leave public cloud databases open to attack, including businesses allowing employees access to sensitive applications, lack of user access controls being implemented and lack of security expertise in the developer team.
"Public cloud computing environments are incredibly dynamic—our research shows that the average lifespan of a cloud resource is only 127 minutes—and traditional security strategies can’t keep pace," said Gaurav Kumar, CTO of RedLock and head of the CSI team.
"Our report, which analyzed over one million cloud resources and twelve petabytes of network traffic, unmistakably shows the need for solutions that help manage security and compliance risks with ease, speed, and automation."
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
Why technology, cyber and privacy risk management are critical for digital transformation
Thank you for signing up to Cloud Pro. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.