Partners said the importance of a thorough understanding of cloud security is front and center after a massive leak on an AWS server that exposed voting data on nearly 200 million people.
The data was exposed by a misconfigured database stored on a publicly accessible cloud server, hosted on Amazon Web Services' Simple Storage Service (S3). The exposure was first reported by UpGuard's Cyber Risk Team and discovered by Risk Analyst Chris Vickery.
The data exposed, more than 1.1 terabytes, includes personal information on more than 198 million American voters, including names, dates of birth, home addresses, phone numbers, voter registration details, and more.
An UpGuard report on the findings said the data repository, which was owned by Republican National Convention-contracted marketing firm Deep Root Analytics, "lacked any protection against access." The report said anyone with an internet connection could navigate to the "dra-dw" bucket then could download the contents of the data warehouse. UpGuard said there was an additional 24 terabytes of data stored that also had not been configured correctly.
"That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling. The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations," the UpGuard report said.
Michael Crean, president and CEO at Woodbridge, Va.-based Solutions Granted, said incidents like this highlight the need for customers to make more informed decisions when it comes to implementing security solutions and compensating controls when migrating to the cloud.
"This isn't just about the RNC or about AWS. This is truly about all cloud services. Many, many organizations, especially with Office 365 … are moving to the cloud, but a lot of people have not thought about security services when it comes to the cloud," Crean said. "I think an incident like this really starts to materialize what is happening out there … Events like this are 'a-ha moments' and provide validation to our customers that this is a real challenge."
While this incident is extensive, Crean said the challenge around cloud security is even more far-reaching. He said more and more small and medium businesses are migrating to the cloud for cost and efficiency benefits, but may not be aware of the security concerns of the cloud.
"This is truly the beginning," Crean said. "There is probably massive amounts of data leakage, and that will continue to happen. People need to wake up and remember that they are responsible for the choices they make on where they put their data … As consumers, we want to know our data is safe."