Skip to content
  • Fortra-Logo-TM-SkyBlue
  • File Sharing & DRM Blog
    • Digital Rights Management
    • Secure File Sharing & Compliance
    • Intellectual Property Protection
  • Partners
  • Company
    • About Us
    • Leadership
    • Careers
    • Contact Us
  • Support
  • Contact
  • Search
yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
  • Why Vera?
  • Product
  • Solutions
    • By Industry
      • Manufacturing
      • Media & Entertainment
      • Financial Services
      • Venture Capital & PE
      • Technology
      • Healthcare
    • By Technology
      • DRM
      • Data Classification
      • DLP
      • Secure File Transfer
      • CASB
      • Office365
    • Column 3
  • Customers
  • Resources
  • Pricing
  • Book a Demo
    Book a Demo
Vera  »  File Sharing & DRM Blog  »  Intellectual Property Protection   »   Don’t Rely on CASB – Cloud Misconfiguration Leads to More Breaches
Back to File Sharing & DRM Blog
PrevPrevious Post
Next PostNext

Don’t Rely on CASB – Cloud Misconfiguration Leads to More Breaches

  • January 14, 2021
  • Kathy Stershic

With widespread adoption, security for both public and private clouds is much improved over the technology’s early days. Cloud Access Security Brokers (CASB) are popular tools to help secure organizations that are accessing public cloud applications. But a CASB provides only point-in-time, localized security that can’t prevent loss of control over cloud-based data after it’s been accessed.  That increasingly happens through a different challenge – cloud misconfiguration.

Verizon’s 2020 Data Breach Investigations Report (DBIR) found that cloud misconfiguration errors are among the top 5 actions that cause breaches. Gabriel Basset, a Verizon senior information security data scientist, noted that the trend picked up considerably this year. Other research published by McAfee in September 2019 noted that the “majority of IaaS misconfigurations go unnoticed. Only 1% are reported, which may suggest countless companies  unwittingly leak data.”

Yet while Verizon says cloud misconfigurations lead to more breaches than exploits, vulnerability scanning typically remains the bigger organizational security practice. That could be because many Chief Information Security Officers (CISOs) don’t fully understand their team’s role in the shared responsibility model that most leading cloud providers maintain. Providers must protect their hardware and software infrastructure, but customers must protect the data they put there.

How Cloud Misconfiguration Happens

When deployment of cloud workloads (like IaaS, PaaS, SaaS, containers and serverless), and cloud security services (like networking, encryption, WAF and SIEM) are not automated, configurations are done manually, increasing the chances for human error. Default configurations can also cause problems.

For example, the Box breach from March 2019 that left hundreds of thousands of sensitive documents exposed was actually the result of a default setting that was easily exploited by security researchers. While it worked exactly as designed, the Box deployment was misconfigured by users. Box security is improved since the company changed those default settings. To its credit, AWS now also proactively scans customer accounts to warn customers of any misconfigurations that may surface.

Other common errors include insufficient access restrictions, not following internal security policies, and failing to audit resources. But while some may like to “blame the victim” for not adequately securing access to their data, even firms who are highly sophisticated and mature in their security approach can still get hacked―attackers these days are very resourceful.

Taking Security to the Data Level

Consequently, protection needs to get down to the data itself. A variety of market solutions address file and content protection across various third party repositories. Most are well-suited to defending static data. But it’s equally important to factor protecting data in motion into the solution. Given the extent to which data-sharing with third parties happens, one simply can’t anticipate where sensitive data might end up.

Further, protecting data in the cloud must be approached as part of a robust ecosystem of security technologies, rather than as a vendor-specific or niche concern. Data-level defense needs to integrate with varying parts of a complex security infrastructure. It needs to readily work with other important stack components like data classification, data loss prevention and activity monitoring products.

VERA’s trusted architecture makes it easy for organizations to secure a variety of file types in the cloud. That includes any files that are accessed because of cloud misconfiguration. Our powerful platform protects structured and unstructured data through encryption, access control, and dynamic policy that dictates what users can and cannot do with the data – when they have authorized access and when they don’t.

Easily integrating with existing business productivity, collaboration and security systems, VERA protects any file type, in the cloud or on-prem. That includes encryption for files in commonly used platforms like Dropbox, Box and Google Drive. When a cloud misconfiguration happens, VERA lets you rest assured that your data is still secure, fully track-able and, most importantly, revocable – any time, anywhere.

Recent Posts

  • PII Compliance Checklist: How to Protect Private Data January 26, 2023
  • How to Prevent Third-Party Vendor Breaches January 17, 2023
  • How to Prevent Data Loss in 10 Different Ways December 19, 2022
  • The Complete Guide to Brand Protection December 15, 2022
  • Top Benefits of Cloud-Based Access Control November 30, 2022

Learn where DRM fits in your data protection strategy

Get started

Keep your most sensitive data in the right hands​

Schedule a demo
PrevPrevious Post
Next PostNext

Featured Blog

  • July 14, 2021
Heads up! New Canadian Data Privacy Act is Around the Corner
  • January 14, 2021
Enhancing Zero Trust beyond identity to data itself
  • January 14, 2021
How to Manage Data Risk in the Finance Function

News

Press

Events

Awards

File Sharing & DRM Blog

Digital Rights Management

Secure File Sharing & Compliance

Intellectual Property Protection

Follow Us

Twitter Linkedin-in Facebook-f Youtube
Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners. Terms of Service |  Privacy Policy  |  Cookie Policy  | Contact Us