What Can Cybersecurity Learn from Aviation? The Value of Public Cloud Storage Security Checklists

In aviation, pilots use pre-flight checklists to avoid catastrophic failures from human errors and misconfiguration. In cybersecurity, major cloud storage breaches occur constantly because of misconfiguration. Cybersecurity professionals can learn from aviation and implement a cloud storage security checklist to avoid these costly errors; the latest example was likely caused by an incorrectly secured storage bucket.

Digital transformation and cloud migration trends have driven the adoption of public cloud infrastructures and storage, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. As organizations transform on-premises applications into cloud services, valuable enterprise data has also moved into cloud storage.

When it comes to protecting enterprise data on a public cloud, most cloud service providers have adopted a “shared responsibility model,” which provides a framework to ensure security responsibilities are clearly defined between the cloud storage provider and the organization using the storage service.

For example, Amazon takes responsibility for “Security of the Cloud,” but expects its customers to take responsibility for “Security in the Cloud.” Microsoft Azure defines its shared responsibility model in a similar way. Generally speaking, the cloud provider will take responsibility for the physical hosting, network, compute resources, and datacenter, while its customers are expected to take responsibility for their applications, data, endpoints, accounts, and identities running on the cloud.

Unfortunately, many organizations do not realize this is the case. Perhaps there is a breakdown in communication between departments, perhaps administrators have grown complacent, perhaps it is simply a case of “you don’t know what you don’t know,” or perhaps there is too much reliance on the big cloud players’ brand merits. The reality is very simple, and it is one of third-party risk: when using the cloud for applications or data storage, you are really using “someone else’s computers and infrastructure” and must verify they are properly configured and secure.

Whatever the case may be, even a simple cloud storage misconfiguration can leave an organization vulnerable to breach. In 2021, a misconfigured Amazon S3 storage bucket exposed the personally identifiable information of more than 3 million U.S. senior citizens. In another instance, a U.S. terrorist watch list with more than 1.9 million records was found exposed on unsecured cloud storage. There are dozens of these examples, most of them not published, but all the result of misconfiguration.

Making a List and Checking it Twice

The history of aviation checklists is incredibly fascinating. In 1935, Major “Peter” Hill, a chief test pilot for the U.S. Army, was scheduled to test the Boeing 299, a four-engine prototype bomber. Major Hill was an experienced pilot, having flown nearly 60 different types of planes during his career. However, during his test flight of the Boeing 299, Major Hill immediately crashed the plane after take-off and was burned to death. The cause of the crash was not a structural failure, nor a mechanical failure, but rather that Major Hill had not unlocked the controls of the plane, which made it impossible to pilot.

After the crash, Boeing introduced the checklist as a mandatory tool for its pilots. Despite this tragedy, Boeing would continue on to manufacture more than 12,000 B-17 bombers for use in World War II and the U.S. Army would go on to train its civilian pilots with these checklists.

A World War II Bomber Checklist

Beyond the Checkbox – OPSWAT Secure Storage

The good news is that cybersecurity isn’t usually a matter of life or death, no matter how much the stress of the job makes it feel like it might be. But there is no reason that cybersecurity professionals can’t approach cloud storage security with the same vim and vigor as a fighter jet pilot to ensure the security of their data, especially when they store Personally Identifiable Information (financial, health and other) of customers, partners, and their own company information.

Implementing a cloud storage security checklist can help ensure that organizations are following best practices like least privilege, which has emerged as a guiding principle of Zero Trust security models. Automating this process with technology can help to avoid time-consuming and expensive manual errors.
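As an added illustration (not OPSWAT's or MetaDefender's code), the Python example below automates a few checklist items for an S3-style bucket. The item names and the config dictionary layout are assumptions made for this example; the field values mirror S3's public access block flags, ACL group URIs, and bucket policy JSON.

```python
# Added example: checklist items and sample bucket configs are constructed.
_GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUPS + "AllUsers", _GROUPS + "AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(cfg):
    stmts = (cfg.get("Policy") or {}).get("Statement", [])
    return [s for s in _as_list(stmts) if s.get("Effect") == "Allow"]

def _wildcard(principal):  # "*" and {"AWS": "*"} both mean anyone
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", [])))

def public_access_block_on(cfg):
    pab = cfg.get("PublicAccessBlock") or {}   # missing config counts as off
    return all(pab.get(flag) is True for flag in PAB_FLAGS)

def no_public_acl(cfg):
    return not any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
                   for g in cfg.get("AclGrants", []))

def no_anonymous_allow(cfg):
    # Unconditional Allow to a wildcard principal exposes the bucket.
    return not any("Condition" not in s and _wildcard(s.get("Principal"))
                   for s in _allow_statements(cfg))

def no_wildcard_actions(cfg):
    # Least privilege: Allow statements should name specific actions.
    return not any(a in ("*", "s3:*") for s in _allow_statements(cfg)
                   for a in _as_list(s.get("Action", [])))

CHECKLIST = [("public access block fully enabled", public_access_block_on),
             ("no ACL grant to public groups", no_public_acl),
             ("no anonymous Allow in bucket policy", no_anonymous_allow),
             ("no wildcard actions in bucket policy", no_wildcard_actions)]

def run_checklist(cfg):
    """Return the names of the checklist items this bucket config fails."""
    return [name for name, check in CHECKLIST if not check(cfg)]

EXPOSED = {"AclGrants": [{"Grantee": {"URI": _GROUPS + "AllUsers"}}],
           "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                     "Action": "s3:GetObject"}]}}
HARDENED = {"PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True), "AclGrants": [],
            "Policy": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                      "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"}}]}}
```

Calling run_checklist(EXPOSED) lists the three failed items, while run_checklist(HARDENED) returns an empty list; run at provisioning time, a non-empty result is the signal to stop before data lands in the bucket.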

MetaDefender for Secure Storage enhances its cloud storage security solution with an integrated security checklist, so that cybersecurity professionals can ensure their organization’s cloud storage is not misconfigured as it is provisioned, including during the development and production stages of cloud storage. MetaDefender also goes beyond the checklist, offering anti-virus Multiscanning of files to detect known threats, and Deep Content Disarm and Reconstruction (CDR) to prevent zero-day attacks hidden in files. Proactive Data Loss Prevention (DLP) provides an additional layer of compliance risk mitigation by identifying and masking PII (Personally Identifiable Information) and other sensitive data in stored files.

If you are ready to exercise your cloud storage security checklist, then mark your first checklist item complete — Contact OPSWAT today to learn how we can help!
