Several studies have found that the number one cause of cloud-based database servers being left exposed online is misconfiguration. The main cause of misconfigurations is the complexity of firms’ cloud environments, followed closely by a lack of education and training. One study found that nearly 60% of all exposed cloud-based database servers were MySQL servers.
Misconfigurations Afflict Cloud Security
Cloud adoption has doubled over the past two years. With this has come an increase in news reports covering data breaches originating from misconfigured cloud-based database servers, breaches that have led to large volumes of sensitive and private data being leaked online.
Last month, Censys, a security firm specializing in censuses, conducted a scan of various cloud providers. The aim of the scan was to ascertain what types of servers were being left exposed on the cloud. According to the resultant report published this week, Censys found over 1.93 million databases left exposed on cloud-based database servers. Some of these servers were not protected by firewalls, while others didn’t even employ appropriate password protection. The latter either used weak passwords or no password at all, exposing their contents to anyone who discovered the server’s IP address.
However, the main issue was server misconfigurations. Cloud Security Alliance (CSA), a not-for-profit organization providing companies with guidance on the adoption and use of cloud computing, conducted a study last year. The study found that companies are aware that misconfigurations are their primary risk in terms of cloud security. Its latest survey found that “58 percent of respondents are concerned about security in the cloud, while misconfigurations are one of the leading causes of breaches and outages…”
Cause of Cloud-Based Database Server Misconfigurations
Although companies are aware of the issue, many have so far been unsuccessful at avoiding server misconfigurations. The causes are manifold. One is that firms tend to use solutions from multiple cloud providers. As cloud providers don’t all use the same controls, default configurations or vocabulary, this can cause confusion.
Furthermore, using multiple cloud providers also creates additional complexity. In a study by Sonrai Security, 53% of respondents stated the complexity of their cloud environments was the main cause of security issues.
Another main cause is lack of education and training, with 45% of respondents citing this as a problem. This is despite increased guidance from major cloud providers and numerous outreach and education programs. Staff seem to lack knowledge of cloud providers’ security controls and their intended functions.
Other reasons cited by respondents for cloud-security issues include not enough IT and security staff (43%) and human error (29%).
MySQL Databases Most Exposed
During Censys’ research, the company scanned the internet for exposed internet-facing MySQL, Postgres, Redis, MSSQL, MongoDB, Elasticsearch, Memcached, and Oracle databases. It found that almost 60% of all exposed cloud-based databases were MySQL databases. This percentage accounts for 1.15 million of the total 1.93 million exposed databases.
Furthermore, Censys found that users of services from the cloud provider OVHCloud were more likely to expose MySQL databases than users of other cloud providers. OVHCloud is a French cloud provider that offers Virtual Private Servers (VPS), dedicated servers and web services.
This study and others find that the problem of misconfigured servers is likely to remain a big risk for companies going forward. In the past, large companies like Microsoft and Honda have exposed sensitive consumer data through server misconfigurations, and this trend will probably continue.