Avoiding storage data leaks and PII regulation noncompliance
A recent data breach at a large clothing retailer owned by Walmart led to the exposure and leakage of private data of 7 million end-users.
Threat actors hacked into a backup file stored on a 3rd party cloud platform and stole critical PII (Personally Identifiable Information) data like credit card numbers, encrypted passwords and history, contact information - addresses, phone nos. etc. This stolen information was then shared online where other hackers could use it to target more sites.
This raises the much more serious issue of ensuring data safety when it’s stored on 3rd party cloud storage providers. The Covid19 situation has forced companies to use shared storage capabilities, not only as backup but also for their day-to-day storage, as they adapt to provide WFH options to their employees.
As the common joke states – ‘A cloud basically means other people’s computer’. How can you be sure that your stored information is totally safe? Well… you can’t.
Relying on the host provider for security is both naïve and irresponsible. A good example of how responsibilities for security are shared between the customer that owns the data and the cloud storage provider can be found in Microsoft Security Best Practices for Azure storage:
One very efficient way to avoid PII data leaks is to scan files before they are uploaded to the cloud and take a few additional security measures according to their content and context. For example:
- Use DLP (Data Loss Protection) to identify personal data (PII) in files before they are uploaded and stored in the cloud
- Use CDR (Content Disarm and Reconstruction) on any file saved to the cloud to verify it does not carry any malicious ‘payload’ that is aimed to steal information
- Take remediation actions on the scanned files to:
- Obfuscate/’mask’ PII data – for example replace or mask credit card
numbers with XXXXXXXXXXX - Encrypt all files with PII data before they are uploaded to any cloud storage
- Obfuscate/’mask’ PII data – for example replace or mask credit card
OPSWAT designed MetaDefender for Secure Storage to cover the security holes for files and data uploaded to the most common cloud storage providers like AWS(S3), OneDrive, SharePoint, Azure, Box, Dropbox, Google drive and more.
The easy to integrate solution helps you secure and protect your mission critical data (whether stored on the cloud or on-premises) before it can be targeted by hackers, and helps you meet regulatory compliance requirements.
- ファイルアップロードの保護 – 10 のベストプラクティスで サイバー攻撃を防御
- MetaDefenderによる世界で最も危険なマルウェアEmotetの防御
- OPSWAT Expands Global Availability of Critical Infrastructure Protection
- OPSWAT Announces Expansion of Cybersecurity Training Program
- Avoiding storage data leaks and PII regulation noncompliance
- How OPSWAT Can Help Detect and Prevent the VMware WorkSpace ONE Access exploit (CVE-2020-4006)
- Protecting Critical Infrastructure from Advanced Cyberattacks
- MetaDefender Cloud Hash Reputation Database Now Exceeds 40 Billion
- OPSWAT Continues to Expand OESIS Framework with New Partners
- 6 Potential Security Gaps in File Transfer Process for Critical Infrastructure