UpGuard researchers found sensitive internal files inside several Cloudera cloud storage buckets, prompting Cloudera to pull the cloud storage servers offline, despite its initial claim that the servers were “open by design.”
UpGuard discovered multiple misconfigured AWS cloud storage buckets under the control of Hortonworks, an enterprise data processing company which completed a merger with Cloudera in January of 2019. Among the terabytes of intentionally public files, however, were numerous system credentials and other internal developer information. UpGuard concluded that when so many directories and files of varying formats are stashed away together, it becomes all too easy for something to be mistakenly placed among them and remain unnoticed.
Many organizations do not have visibility into what their users are storing or moving into cloud applications. The reality is that properly maintaining cloud security is a complex and multi-tiered set of requirements. Even the best practitioners will remain challenged to cover all the bases on a continuous basis; these issues most frequently revolve around a lack of visibility into faulty controls, not a lack of effort.
In addition to leveraging solutions such as DLP to determine data compliance, security managers must be able to find and eliminate inadvertent public data shares. Almost daily there is a new report on an organization that has lost control of its data through innocuous means such as public sharing.