For years now, companies exposing data via misconfigured cloud storage have been a dime a dozen. Over the last few years, reports of companies inadvertently sharing their data often came multiple times a week.

Exposed data typically included a company incorrectly setting the security of an Amazon Web Services Inc. S3 instance or an ElasticSearch installation. In some cases, it was simply a matter of a password not being set.

The occurrence of misconfigured cloud instances seems to have fallen. It could be a case of companies being aware of security issues around cloud storage and taking action accordingly.

But one thing that is clear: Companies continue to expose their data this way, according to findings outlined today by Rapid7 Inc. in its 2021 Cloud Misconfigurations Report.

The Rapid7 researchers studied 121 publicly reported data exposure incidents in 2020 to see if they could find some causes and circumstances. Of the 121 published incidents, 15 industries were represented among the affected organizations, with information, entertainment, professional and healthcare being the more represented in the data set.

In 2020, an average of about 10 incidents a month were reported and 62% of those incidents were discovered by citizen researchers rather than criminal attackers. Notably, 35% of those incidents were sourced from only two specific individual researchers.

The most commonly exposed data were datasets with credentials such as user names and passwords, personal financial information and healthcare information. The median data exposure was 10 million records, although one “mega breach” accounts for the exposure of more than 20 billion records.

AWS S3 buckets and ElasticSearch databases accounted for about 45% of all reported exposures throughout the year. The figures for both could be higher, since the researchers could not identify the compromised component in almost half of cases.

“To avoid suffering an incident from similar cloud misconfigurations, companies should prioritize the adoption of a new model of security that provides continuous enforcement of controls and ensures secure configurations of all cloud services,” the researchers wrote. “Note that this activity is not a ‘set it and forget it’ task, and all current and new cloud resources should be monitored and have policies enforced continually to avoid even a temporary exposure of these often dynamic environments.”

Photo: Wikimedia Commons