The WWE (World Wrestling Entertainment) is used to being the one that does the jumping from the top rope and the body slams, but in this case it’s the WWE getting pinned to the mat. Researchers discovered that improper AWS configuration exposed personal information of more than 3 million wrestling fans.
Security researchers uncovered the data in publicly accessible Amazon S3 buckets. Several gigabytes of data were improperly set to “Public” access, making them available for anyone to download. The exposed data contained names, email addresses, physical addresses, and demographic survey information that shared details such as education level, age, race, and the ages and genders of fans' children.
Unfortunately, this is not a unique occurrence. Personal information of nearly 200 million registered voters was exposed when Deep Root, a Republican data firm, misconfigured a database on Amazon S3, and more than 6 million Verizon customers had their data exposed by a poorly configured Amazon S3 server as well.
These issues are becoming more common as more and more companies move servers, applications and data to cloud service providers. Human error is often to blame, but—to be fair—there is only so much humans can do even in a best-case scenario. Traditional vulnerability scanning and penetration testing simply can’t keep pace with a dynamic cloud environment, and it isn’t easy to find developers with the right knowledge and skills to properly implement AWS security best practices.
A cloud environment can change rapidly—faster than you can identify and remediate exposures manually. DevOps and containers rely heavily on open source components, which can introduce more vulnerabilities and can be more difficult to manage.
Effective cloud security requires visibility and action. You need to be able to continuously monitor the cloud environment and discover vulnerabilities and misconfigurations that expose you to risk before the attackers do. You must also have the ability to analyze data and make intelligent decisions to remediate risk in real time.
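As an added example (not code from the original article or from any vendor it alludes to), the check below shows what discovering a "Public" S3 misconfiguration can look like. It assumes input dictionaries shaped like the GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses, evaluates only bucket-level Block Public Access settings, and uses hypothetical function names and constructed sample values.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any authenticated AWS user".
_G = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_G + "AllUsers", _G + "AuthenticatedUsers"}

def acl_public_grants(acl):
    """Permissions an ACL (GetBucketAcl shape) grants to a public group."""
    return sorted({g["Permission"] for g in acl.get("Grants", [])
                   if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS})

def _is_wildcard(principal):
    """True for Principal "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def policy_public_sids(policy_json):
    """Sids of Allow statements open to any principal with no Condition.
    Statements that carry a Condition are skipped here and need manual review."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow" and _is_wildcard(s.get("Principal"))
            and not s.get("Condition")]

def audit_bucket(name, acl, policy_json=None, pab=None):
    """Combine ACL, policy and bucket-level Block Public Access settings."""
    pab = pab or {}
    findings = []
    grants = acl_public_grants(acl)
    # IgnorePublicAcls makes S3 disregard public ACL grants on the bucket.
    if grants and not pab.get("IgnorePublicAcls", False):
        findings.append("ACL grants " + ",".join(grants) + " to a public group")
    sids = policy_public_sids(policy_json)
    # RestrictPublicBuckets cuts off anonymous access granted by a public policy.
    if sids and not pab.get("RestrictPublicBuckets", False):
        findings.append("policy allows any principal: " + ",".join(sids))
    return {"bucket": name, "public": bool(findings), "findings": findings}

# Constructed sample inputs (not data from the incident described above).
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": _G + "AllUsers"},
                        "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Statement": [{
    "Sid": "PublicGet", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED = {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}
```

Calling audit_bucket("example-bucket", OPEN_ACL, OPEN_POLICY) reports two findings, while passing LOCKED as the fourth argument reports none, which is the effect of turning on Block Public Access for a bucket that still carries stale public grants.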
Legacy security solutions can’t provide adequate visibility and protection for critical assets in the cloud. Effective security requires a security solution that understands the cloud and works like AWS—providing the flexibility necessary to protect a dynamic environment. You can avoid getting pinned to the mat like the WWE by employing a cloud-native platform to provide continuous monitoring and intelligent remediation—something designed to eliminate the complexity of protecting your AWS cloud environment.