How Misconfigured Cloud Applications Can Put Your Data at Risk (And What to Do About It)

No company wants to make the kind of headlines that Toyota faced recently. The announcement on the global Toyota website headline says it all: “Apology and Notice Concerning Newly Discovered Potential Data Leakage of Customer Information Due to Cloud Settings.” 

Toyota also announced that it had put a system in place to monitor cloud configurations. But the damage is done, with stories about the incident on almost every cybersecurity and IT website we scanned. 

Toyota’s Error Isn’t Uncommon

Cybersecurity Intelligence points out that inadvertently misconfigured cloud applications are common problems that put your data at risk. Misconfigured applications open the door for hackers to get to your company’s most valuable asset—its data—including client and personal employee information, financial data, supplier agreements, and more. 

Cloud misconfiguration is still considered one of the biggest threats to cloud security, with a post by Hackmageddon noting that in 2022 77.24TB of data was leaked due to misconfigurations in 38 security incidents. The article notes that AWS accounted for roughly 60 percent of breaches.

Ditch the Default Settings

How do these misconfigurations happen in the first place? There are plenty of reasons. Some are rolled out to serve the needs of a specific department or team. Their priorities may be more focused on solving the business issue than the need to integrate and interact with internal systems and endpoints securely. That often means the application is rolled out with default settings—which may seem sufficient at the time—to accelerate adoptions and solve the problem the application was built for.

Unfortunately, default settings tend to be too open and are easily exploited by attackers. One example is leaving a system account’s default password in place after deployment.

An inconsistent approach to configuring cloud applications is another issue. Changes may be made on an ad-hoc basis, so they aren’t necessarily replicated across all applications and systems. That makes it more complicated for you to try to fix configuration issues and can expose the data stored in these systems to breaches.

The lesson for everyone here is that IT should get involved early in any development process—even before any new cloud application is selected. That ensures the application is tested and meets the requirements of the configuration checklist defined by your organization. A centralized approach also helps you ensure configuration changes are carried out consistently across all cloud systems and properly documented.

Cloud Security and the Shared Responsibility Model

The tendency to leave default settings in place goes hand in hand with another consistent cause of security gaps in cloud services: A need for more awareness that data security is a shared responsibility.

While your service provider delivers the infrastructure—think AWS, Microsoft Azure, Google Cloud, or Salesforce—they only provide specific, foundation-level security. And the cloud vendor that delivers a particular application your organization uses may also offer another layer of protection. But ultimately, you, the customer, are responsible for ensuring your data is protected and always available.

With IBM finding that 45 percent of all breaches occurred in the cloud, you can never assume that your cloud data is protected. That’s why your organization needs to ensure you’ve got the protections in place to protect and recover your data.

Add SaaS Application Data Protection

Your SaaS applications likely generate some of your organization’s most precious data. But just last year, a misconfigured Microsoft Azure cloud storage resulted in data belonging to over 65,000 entities worldwide being leaked.  And in April, Google Cloud Platform closed a vulnerability that could have opened stealthy account backdoors. 

So how do you protect that precious data? Arcserve SaaS Backup is a cloud-native solution that offers complete protection for your data stored in Microsoft 365, Microsoft 365 Azure AD, Microsoft Dynamics 365, Salesforce, and Google Workspace. It’s simple to set up—in under five minutes—and gives you a single pane of glass for data management, with multi-tenant and role-based access controls (RBAC) for added security. 

With Arcserve SaaS Backup, your data is encrypted in transit and at rest, and data sovereignty is ensured with four copies of your backups stored in two different data centers within the same region. Your backups are saved in an immutable format using a blockchain-based algorithm for ransomware resilience. And the 30-day delete retention feature protects your data from accidental deletions. 

 To learn more about Arcserve SaaS Backup, request a free demo, or check out our 30-day free trial offer.

Safeguard All Your Data by Unifying Protection Across Infrastructures

Another option for protecting all your data—including your cloud data—is Arcserve Unified Data Protection (UDP) software. Arcserve UDP unifies protection and prevents cyberattacks across on- and off-premises workloads while increasing your data resiliency by simplifying the management of your stored data, whether local, virtual, or in the cloud. With Arcserve UDP, you can neutralize ransomware attacks, restore your data, and perform effective disaster recovery.

Learn more about Arcserve UDP by requesting a demo. And be sure to check out our 30-day free trial offer.

For expert help with protecting your data talk to an Arcserve technology partner.