WWE Breach Highlights Need for Better Cloud Security

The WWE (World Wrestling Entertainment) is used to being the one that does the jumping from the top rope and the body slams, but in this case it’s the WWE getting pinned to the mat. Researchers discovered that improper AWS configuration exposed personal information of more than 3 million wrestling fans.

Security researchers uncovered the data in publicly accessible Amazon S3 Buckets. Several gigabytes of data was improperly set to “Public” access, making it available for anyone to download. The exposed data contained names, email addresses, physical addresses, and demographic survey information that shared details such as education level, age, race, and the ages and genders of fans children.

Unfortunately, this is not a unique occurrence. Personal information of nearly 200 million registered voters was exposed when Deep Root, a Republican data firm, misconfigured a database on Amazon S3, and more than 6 million Verizon customers had their data exposed by a poorly configured Amazon S3 server as well.

These issues are becoming more common as more and more companies move servers, applications and data to cloud service providers. Human error is often to blame, but—to be fair—there is only so much humans can do even in a best-case scenario. Traditional vulnerability scanning and penetration testing simply can’t keep pace with a dynamic cloud environment, and it isn’t easy to find developers with the right knowledge and skills to properly implement AWS security best practices.

A cloud environment can change rapidly—faster than you can identify and remediate exposures manually. DevOps and containers rely heavily on open source components, which can introduce more vulnerabilities and can be more difficult to manage.

Effective cloud security requires visibility and action. You need to be able to continuously monitor the cloud environment and discover vulnerabilities and misconfigurations that expose you to risk before the attackers do. You must also have the ability to analyze data and make intelligent decisions to remediate risk in real time.

Legacy security solutions can’t provide adequate visibility and protection for critical assets in the cloud. Effective security requires a security solution that understands the cloud and works like AWS—providing the flexibility necessary to protect a dynamic environment. You can avoid getting pinned to the mat like the WWE by employing a cloud-native platform to provide continuous monitoring and intelligent remediation—something designed to eliminate the complexity of protecting your AWS cloud environment.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley