Why Cloud Security?
Breaches can or do happen in cloud, in fact breaches are happening in cloud. In Marriott Starwood Hotels data breach some 327 million guest records were compromised that contained information such as name, mailing address, phone number, email address, passport number, Starwood Preferred Guest accounting information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
Note sure if you have heard about the below attacks
Capital One Data Breach wherein New York Times reported the damage at over 80,000 account numbers, 140,000 Social Security numbers, 1 million Canadian Social Insurance Numbers.
Who did it ?
A former Amazon software engineer from Seattle (CSP –Cloud Service Provider Employee )who had been operating online under the handle “Erratic” was arrested after hacking Capital One using a Server-Side Request Forgery attack (SSRF). Former Amazon Employee used the technique to obtain credentials for a role that had access to sensitive information stored in S3.
In cloud Security, we will learn certain best practices in regards to securing data; organizations stand a much better chance of ensuring their data is safe.
Another Breach in Hotel management systems
Autoclerk, a hotel reservations management system, had an unsecured Elasticsearch database hosted in AWS that exposed hundreds of thousands of booking reservations.
The system was heavily utilized by military personnel, and the exposed data revealed sensitive information about travel by military, including high ranking officers and troops being deployed.