The Ivanti Threat Thursday Update for July 20, 2017: Cloud (In)Security

Greetings. Inadvertent exposure of customer data in the cloud leads the cybersecurity news this week. Read on for more, and please let me know what you think, about current cybersecurity events and/or this Ivanti Threat Thursday Update. Thanks in advance.

Dow Jones, Verizon, WWE Expose Customer Data in the Cloud

As eSecurity Planet magazine reported on July 19, Dow Jones, Verizon, and World Wrestling Entertainment (WWE) all fell victim to misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) “buckets.” Those misconfigurations exposed information about millions of customers to almost anyone on the Internet.

“The names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications were exposed,” via an S3 bucket mistakenly configured to allow any authorized AWS user to download the data. Estimates of the number of exposed records range between 2.2 and 4 million.

Separately an S3 bucket mistakenly configured by a Verizon business partner exposed the personal information of as many as 14 million Verizon customers. Another misconfigured S3 bucket made the personal information of some 3 million WWE fans publicly accessible as well.

Such mistakes may be even more common than such reports indicate. “A recent Kaspersky Lab survey of 5,000 companies worldwide found that 46 percent of incidents in the past year involved an unintentional or unwitting cyber security compromise by employees — and in 40 percent of cases, the employees involved tried to conceal the incident after it happened, amplifying the damage.”

What We Say: Cloud-based resources can offer significant cost, performance, and security advantages over legacy, premises-based alternatives. However, legacy management and security solutions are not always “cloud ready.” Your enterprise must ensure that policies and technologies provide sufficient information to manage and secure those resources adequately. Your security and user education efforts must also extend to external business partners, who must be vetted regularly for compliance with your security policies.

IDC: Public Cloud Services Spending to Reach $266 Billion in 2021

International Data Corp (IDC) announced the latest update to its Worldwide Semiannual Public Cloud Services Spending Guide. Some key findings are summarized below.

  • “Public cloud services spending will reach $128 billion in 2017, an increase of 25.4% over 2016.”
  • “Although spending growth will slow somewhat over the 2016-2021 forecast period, the market is expected to achieve a five-year compound annual growth rate (CAGR) of 21.0%.”
  • “The United States will be the largest market for public cloud services accounting for more than 60% of worldwide revenues throughout the forecast and total spending of $163 billion in 2021. Western Europe and Asia/Pacific (excluding Japan) (APeJ) will be the second and third largest regions with 2021 spending levels of $52 billion and $25 billion, respectively.”
  • “Professional services, banking, and telecommunications are the three fastest growing industries worldwide over the forecast period, with banking and professional services also among the top 3 largest industries for worldwide spending on public cloud services.”
  • “Customer relationship management (CRM) applications and enterprise resource management (ERM) applications will account for more than 60% of all cloud applications spending throughout the forecast. Meanwhile, spending on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) will grow at much faster rates than SaaS with five-year CAGRs of 30.0% and 29.7%, respectively.”

What We Say: Cloud computing is or soon will be a force to be reckoned with by IT and cybersecurity leaders and teams at almost every type of enterprise around the world. Wherever it is in its cloud computing journey, now is the time to ensure that your enterprise’s cloud spending includes investments in policies, processes, and technologies that can discover and manage cloud-based resources. Specifically, your enterprise must comply with cloud resource licensing requirements, and identify and rein in “stealth” or unauthorized cloud resource deployments.

Ivanti: Here to Help

Ivanti cybersecurity solutions enable defense in depth for your enterprise’s critical IT resources and data. For a limited time, select combinations of Ivanti cybersecurity solutions are available to new and current Ivanti customers at discounts of up to 30 percent. Check out the offer details, as well as the free trials of Ivanti patch management solutions we offer. Learn more about our solutions for protection against ransomware and malware, and optimizing your software and hardware assets. And keep reading our Patch Tuesday and Threat Thursday updates, so we can help keep you up to date on threats to your network and your business.

ransomware attack