How to Prevent Accidental Data Exposure in the Cloud

Jun 30, 2017

In the last month, there have been several security news headlines highlighting incidents of accidental data exposure in the cloud. In some cases, portions of organizations’ most sensitive business and customer data were inadvertently exposed and left unprotected. That data loss could result in costly compliance violations and be detrimental to the business, especially if it were to find its way into the hands of a cybercriminal.

Accidental data exposure is risky. But as scary as the problem is, there are ways to ensure data loss prevention (DLP) in the cloud without sacrificing business productivity. Let’s explore the threat in a bit more detail and the steps you can take to protect yourself and your business.

Accidental Data Exposure – What’s So Risky?

Your users have good intentions (well, except for those malicious insiders). But they’re now used to an environment where they can access any application they want, from any device they want, from anywhere they choose, with little regard for the security risks involved. And with cloud and SaaS applications, which are specifically designed for easy sharing, the risk of data becoming unintentionally shared or exposed is often quite high. For example, an email with a shared link could be forwarded and eventually make its way outside of the organization. Similarly, the user sharing the file in the first place might accidentally click an incorrect email address when the application attempts to autocomplete. All you can do at that point is hope that the mistake doesn’t result in a security or compliance faux pas, or worse.

In addition, source code threats can be quite problematic. Engineers often hard-code user credentials and API keys for third-party cloud services, such as Amazon Web Services (AWS), into source code, which is then uploaded to a web-based repository service like GitHub. If the repository is leaked or breached, the source code provides an attacker with everything required to hack the AWS account: the API key and legitimate user credentials, all wrapped together with a neatly tied bow. Once inside, an attacker can mine for sensitive data with the intent to auction it off to the highest bitcoin bidder.
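One way to catch the hard-coded credentials described above before they reach a repository is a pattern scan over source files. The sketch below is an added example, not Palo Alto Networks code; the file paths are constructed, and the key values are the placeholder credentials used in AWS documentation.

```python
import re

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 uppercase
# letters or digits, not embedded in a longer token.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: a quoted 40-character base64-style string assigned to a
# name that mentions "aws" or "secret" (the name check limits false positives).
SECRET_KEY = re.compile(
    r"(?i)(?:aws|secret)[\w-]*\s*[:=]\s*[\"']([A-Za-z0-9/+=]{40})[\"']"
)

# Constructed sample repository contents (hypothetical paths).
SAMPLE_FILES = {
    "deploy/upload.py": (
        'import boto3\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        's3 = boto3.client("s3", aws_access_key_id=AWS_ACCESS_KEY_ID,\n'
        '                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)\n'
    ),
    "deploy/upload_fixed.py": (
        'import boto3\n'
        '# Credentials come from the environment or an attached role.\n'
        's3 = boto3.client("s3")\n'
    ),
}


def redact(value):
    """Keep only the first four characters so reports do not re-leak the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(path, text):
    """Return (path, line_no, kind, redacted_value) per suspected credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, line_no, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((path, line_no, "secret_access_key", redact(m.group(1))))
    return findings


def scan_files(files):
    """Scan a {path: text} mapping and collect all findings in file order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for path, line_no, kind, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: possible AWS {kind}: {shown}")
```

Run as a pre-commit or CI step, a non-empty result should block the push; any key that has already been committed should be rotated, since it remains in the repository history.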

Spotlight: Shared Links

A shared link is a URL that leads any recipient directly to a specific folder or file. Users can create and share links as needed, and if the permissions are not set correctly, the content behind the link will be accessible to anyone, intended or not.

How Can You Protect Yourself and Your Business?

There are steps organizations can take to prevent accidental data exposure and other common cloud and SaaS threats:

  1. Do a self-assessment.
  2. Get the right tools to ensure data loss prevention (e.g., app discovery, data classification and monitoring, content matching, machine learning).
  3. Implement an ongoing feedback loop.

Get your copy of the Comprehensive Data Security In The Cloud eGuide for more information on each of the steps listed above.

At Palo Alto Networks, we take a platform approach to addressing data loss prevention in the cloud. Rather than relying on disparate point products, our prevention-focused Next-Generation Security Platform extends and enforces existing enterprise security tools and policies across the cloud to mitigate risk and prevent inadvertent data loss and exposure.
