Information leakage detection in cloud storage
Both ordinary users and businesses appreciate the convenience of cloud storage. The sector is growing at a rapid pace: in 10 years, more than half of all private and corporate information will be stored in the cloud. However, cloud security settings do not yet guarantee complete protection of confidential data.
What are cloud services
Cloud storage usually hosts large files, such as software products. Remote storage saves space on desktop computers and does not overload RAM.
Popular cloud services include:
- foreign storage services such as Dropbox, OneDrive, Google, iCloud;
- public Russian cloud services Yandex.Disk, Cloud Mail.ru and others;
- repositories owned by social networks and communication providers;
- cloud versions of corporate software, for example, accounting software;
- cloud mining services;
- cloud platforms - powerful computing resources on remote servers used by specialists from research and development institutions.
Users at risk
A significant part of cloud services is publicly available, so companies that care about security use "clouds" mainly for processing or transferring large amounts of data, and not for storing important corporate information.
Those who risk losing data first because of improper storage of information are:
- ordinary users who create archives in public databases;
- users of social networks, whose personal data, photos, correspondence history and other information from accounts are stored in cloud storage;
- users of any electronic services that require entering personal data or credit card information;
- users of mobile devices, if information about calls, movements, interests is stored with the provider;
- entrepreneurs who store information in the "clouds" of CRM systems and in accounting programs: databases, archives of financial and accounting statements, information about assets, account numbers, transactions;
- users who use cloud platforms for cryptocurrency mining.
Statistics of leaks and incidents in the clouds
Even such large and popular cloud storages as Dropbox and Amazon are not immune to data leaks. In 2016, an incident became public in which hackers stole the personal information of 68 million Dropbox users: names, passwords, mailbox addresses. The reason for the large-scale leak was that the administration of the service had not set up protection against the Google search engine on the databases. However, the resource and its users were in luck: the cybercriminals did not use the information for criminal purposes, and most of the customers did not even know about the leak.
The incident in which attackers stole the personal data of 93 million Mexican voters hosted on Amazon servers also had no consequences. The personal information was not used for criminal or commercial purposes. The reason for the leak in this case was the negligence of Amazon employees, who, when updating the network configuration, sent the data over the redundant network and not over the main transmission channel.
Apple has long kept a history of client locations on its servers. However, the way the information was stored was unsafe, which naturally outraged users. A series of high-profile scandals forced the company to strengthen its protection measures.
Types of threats
Experts divide the threats to information in cloud storage into two groups: loss of information and leakage of data from cloud services.
The first group includes technical and operational problems, but these only concern small projects. Large service providers copy and back up data many times and store information on servers located on different continents. Therefore, for cloud storages used by large companies, information leakage is much more likely. Among the reasons for data loss, experts in the field of information security distinguish:
- account hacking and outright theft;
- vulnerability of interfaces and APIs in provider systems;
- massive and targeted DDoS attacks - hacker attacks aimed at bringing the system to failure;
- actions of insiders in companies - service providers or providers that have official access to data;
- vulnerability of information transmission channels, especially mobile traffic;
- the negligence or carelessness of the provider, which is not contractually bound to the user and is not liable under the law.
Professional attacks aimed at disrupting a provider's system rely on more than a few techniques. These include attacks on the hypervisor (a key element of the storage system), attacks on management systems, and exploiting the agility of virtual machines.
Multiple service vulnerabilities have led the public sector to completely abandon the use of clouds. Individuals and businesses alike have to choose whether to put up with threats or stop using cloud services, despite the benefits and convenience. Moreover, for small companies it is sometimes even safer to store information in the "cloud" than on their own servers, which are vulnerable from the inside.
Most often, companies use combined storage methods: less valuable and more voluminous information is placed in the "cloud", and trade secrets or know-how - on internal, more secure resources. When choosing a cloud storage, possible risks and the degree of data security are taken into account. Identifying possible leaks through cloud storage has become one of the stages of risk management. Combined protection uses specialized solutions and tools that track unusual activity of storage administrators in a networked environment.
To check how well a cloud storage is protected against information leaks, you need to analyze the technical equipment and management processes of the company. The cloud service reliability checklist includes determining:
- categories, locations and degree of protection of equipment;
- technologies for protecting equipment from voltage surges, power redundancy;
- methods of encryption and protection of transmitted information;
- procedures for creating backup databases, frequency and storage locations for backups;
- the locations of the data storage service and the key management server, which must be in different places; this is required primarily for cloud computing and mining, as it protects against access gained by password guessing;
- personnel qualifications;
- standards and regulations of the service.
Depending on the industry, companies may also need to establish under what circumstances and on what grounds a provider is willing to provide customer information to auditors.
Once you start working with a cloud service, you need to scan the data in the "cloud" regularly to identify leaks. For this, programs such as Data Discovery are used, which reveal information that is stored or transferred in the system in violation of established rules.
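The kind of rule check such a scan performs, as an added Python example that is not taken from the original article or from any named product. The object keys and contents, the prefix policy in ALLOWED, the two regular expressions and all function names are constructed assumptions.

```python
import re

# Constructed sample: object key -> text content, standing in for a storage listing.
OBJECTS = {
    "public/price-list.txt": "Widget 4000 units, order ref 1234567812345678, contact a.ivanov@example.com",
    "public/export.csv": "name,card\nA. Ivanov,4111 1111 1111 1111\n",
    "shared/contacts.txt": "Write to a.ivanov@example.com about the audit",
    "vault/payments.csv": "card\n5500-0000-0000-0004\n",
}
# Hypothetical policy: which key prefixes may hold each category of data.
ALLOWED = {"card_number": ("vault/",), "email": ("vault/", "shared/")}

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four characters so the report itself leaks nothing."""
    return "*" * (len(value) - 4) + value[-4:]

def find_sensitive(text):
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            yield "card_number", mask(digits)
    for m in EMAIL_RE.finditer(text):
        yield "email", mask(m.group())

def scan(objects, allowed):
    """Return (key, category, masked value) for data stored outside its allowed prefixes."""
    findings = []
    for key, text in sorted(objects.items()):
        for category, value in find_sensitive(text):
            if not key.startswith(allowed[category]):
                findings.append((key, category, value))
    return findings

if __name__ == "__main__":
    for finding in scan(OBJECTS, ALLOWED):
        print(finding)
```

The 16-digit order reference in the price list fails the Luhn check and is not reported, and the card number under vault/ is permitted by the policy, so only the two objects under public/ are flagged.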
Professional methods of obtaining data from the cloud
Hackers and forensic scientists use several methods to obtain information from the "clouds" and databases of social networks, for example programs like UFED Cloud Analyzer. Such software allows you to quickly obtain information from storage, organize the data and format the array for use as forensic evidence.
The Oxygen Forensic Suite software works on a similar principle: it easily extracts passwords, tokens and other information from smartphones that are used to log into Internet resources.
The only way to prevent information leakage from cloud storage is to stop using "clouds". Russian legislation obliges providers, when transferring personal data, to warn users about the extent to which the protection of the transfer complies with statutory standards. But this does not always help.
On paper, providers are not responsible for the disclosure of trade secrets, and user agreements for the provision of services do not contain clauses in which the developer guarantees the safety of information.
Cloud storage operators themselves, who are interested in attracting and retaining customers, combine various elements to ensure reliable data protection:
- hash passwords with bcrypt or the SHA-1 algorithm, so that the original passwords are harder to recover;
- use external servers of separate providers that generate keys;
- encrypt stored information;
- use virtual private network (VPN) tunnels to transfer traffic - they create a reliable and secure network based on an unprotected one;
- report on security protocols and refine them for large clients.
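The two password-hashing options named in the list differ in what a copied credential table shows on its face, which is worth checking when reviewing a provider's security report. The following is an added Python example, not code from the article or from any provider: PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt as the salted, iterated scheme, and the accounts, the iteration count and all function names are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, chosen for this example

def sha1_record(password):
    """Bare SHA-1: no salt, a single fast hash."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password):
    """Per-user random salt plus an iterated hash, stored as iterations$salt$digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def salted_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def users_sharing_a_record(table):
    """Users whose stored values are identical, visible without any guessing."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed accounts; two of them use the same password.
ACCOUNTS = {"anna": "Summer2024!", "boris": "x9$Lq-77tz", "vera": "Summer2024!"}

def build_tables(accounts):
    """Store the same accounts under both schemes for comparison."""
    sha1_table = {u: sha1_record(p) for u, p in accounts.items()}
    salted_table = {u: salted_record(p) for u, p in accounts.items()}
    return sha1_table, salted_table

if __name__ == "__main__":
    sha1_table, salted_table = build_tables(ACCOUNTS)
    print("SHA-1 :", users_sharing_a_record(sha1_table))
    print("salted:", users_sharing_a_record(salted_table))
```

With bare SHA-1 the two accounts that share a password store the same value; with a per-user salt every stored record is different even for identical passwords, and each check costs the configured number of iterations.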
Providers also recommend that, in case of threats, users obtain security certificates, completely renew their credentials, and generate new API keys and OAuth tokens.
When working with cloud storage, companies are advised to:
- independently encrypt information using modern software, decrypt files only on their own servers, and store them in sealed containers with an additional password;
- use two-factor authentication to access critical information;
- conclude additional agreements on the safety of important information and liability for leakage;
- teach employees how to work with databases, recommend creating only protected accounts with complex passwords, regularly change passwords, control work with databases before granting access;
- download files to servers through browsers, not just through client applications.
Protection against information leaks should take into account both internal processes in the company and work with external resources. It is important to choose the right cloud storage, not to place important information in the "clouds", and to regularly check the reliability of protection against leaks.