Digital doors wide open?
An investigation by BNR Radio shows that at least 50 organisations have the backdoor of their cloud environment wide open. If this is already happening at Google, Microsoft and Amazon, it is not hard to imagine that others are also affected.
The reasons for all these leaks are simple; temporary settings are not reset, access is granted ‘briefly’ for testing and people forget to turn that access off again. You can think of dozens of examples like this. As companies and organisations exchange more and more data, a leak in one organisation can easily lead to abuse of an API that exchanges data with other connected organisations.
Strange events
The problem is that abuse of this kind of procedural error does not lead to strange events in management consoles. After all, they are ‘normal’ users working in systems where they should not (any longer) be. So monitoring events is not sufficient. Nor will your cloud vendor recognise these kinds of problems. BNR’s research therefore shows that these kinds of intrusions go unnoticed for a long time.
Salt Security
RestAPIs are increasingly being built and used, and because many organisations often do not have the procedures around their use and testing in place, this is one of the main ‘backdoors’ for cybercriminals. But how do you recognise that ‘something’ is going on with an API? AI and Machine Learning are playing an increasing role there. This is why Enable U’s integration experts work closely with Salt Security’s experts. By integrating our API Gateway with Salt Security’s software, anomalous behaviour of APIs is detected at an early stage. So that actions can be taken automatically before it is too late.
Procedural mistakes will always be made and you should not rely solely on your cloud vendor to spot these kinds of specific errors. Therefore, contact an integration expert from Enable U to take a look at how you can secure your environment even better. Because as this article does show, the burglars are often already inside. You just haven’t noticed it yet.