Written by:
Matthew Delman Data is currency in the modern connected world. Whether it’s identity information for credit card fraud, stolen credentials for initial access, or intelligence for nation-state attackers to use for furthering their government’s goals. The point being that data and the tools used to store that data are under constant assault from malicious actors who want to exfiltrate that information and use it to achieve their goals.
Because of this, securing data under the tightest possible protection has always been a priority. The rise of cloud-based data storage has complicated these efforts, requiring new security tools and new procedures to ensure that only authorized users have access to critical corporate and personal information.
The recent breaches of Snowflake implementations at more than 165 companies and rising exemplifies the challenges. The company itself has not been compromised, so this would not qualify as a supply chain attack (unlike the 2020 Solarwinds incident) and yet it stands to be no less damaging.
This blog will examine the continuing fallout of the Snowflake attack and offer guidance for companies seeking to ensure their cloud-based data stores remain secure.
Overview of the Attack
In late May, reports surfaced that Snowflake had been breached and customers Ticketmaster and Santander experienced extensive data loss from the incident. It has since come to light that the attack was not directed at Snowflake itself, but rather at the deployments of the cloud-based data storage software at its customers.
Snowflake has gone on record in multiple outlets, such as Wired, that the data loss did not result from a vulnerability in their systems. According to reporting from The Register, this appears to have been verified by the ShinyHunters cybercriminal group responsible for the attack.
Snowflake has not historically required multi-factor authentication by default on its user accounts. This lack of MFA as a standard default means that threat actors who steal user names and passwords can easily infiltrate Snowflake databases where MFA is not turned on. According to Mandiant, who Snowflake engaged to respond to the incident, threat actors have targeted Snowflake customers with single-factor authentication and used the stolen credentials to exfiltrate extensive amounts of data.
Snowflake has now started to require customers to implement multi-factor authentication on all user accounts in response to the attack.
Strong Cloud Data Security Is Absolutely Vital
As it stands today, around 60% of corporate data is stored in the cloud. The expectation is that this amount of data will grow over the next few years, and in fact has already doubled since 2015. Storing corporate data in the cloud has gone from something on the bleeding edge to basically table stakes for the vast majority of corporate entities outside of a very few in highly regulated industries.
Protecting corporate data in the cloud is paramount for a number of reasons, not least of which is that regulatory schema worldwide like GDPR in Europe and CRPA in the United States levy hefty fines against corporations who do not comply with data security best practices.
There have been no investigations yet from regulators into data security practices as a result of the Snowflake data breaches, but it’s only a matter of time before someone decides to start looking into other practices. Since Snowflake customers were using only single-factor authentication on these databases, it stands to reason that regulatory fines are likely incoming following those investigations.
Ensuring that only authorized users have access to critical data through a combination of strong identity and access management and tracking data access requests is thus crucial. Not only from a business continuity perspective – attackers can easily disrupt business operations in the face of lax security – but also because doing so avoids regulatory fines that can be substantial.
How Sotero Augments Data Security Best Practices
The Sotero platform takes a data-centric approach to defending cloud data. This approach prioritizes data security instead of focusing on where data is stored. It involves a comprehensive strategy to safeguard data at every stage – in transit, at rest, and in use. This is necessary in a world where traditional perimeter defenses are insufficient and cloud data may be stored in any number of databases with varying security. The significance of this approach lies in its ability to provide robust protection against a wide range of cyber threats, directly addressing the vulnerabilities inherent in modern data ecosystems.
Additionally, Sotero leverages Data Security Posture Management (DSPM), which involves continuously monitoring, assessing, and enhancing data security posture across all environments. DSPM ensures that data security measures align with the evolving threat landscape, compliance requirements, and basic best practices. The benefits of DSPM include enhanced visibility into data security risks, improved compliance with regulations, and a more resilient defense against cyber threats.
As storing critical enterprise data in the cloud becomes more commonplace, and threat actors continue to seek out organizations with lax practices, securing data in transit and at rest becomes even more vital. Deploying data-centric security like Sotero is thus vital in an environment where ransomware becomes more common and data breaches result in even greater damages to consumers and businesses alike. Sotero’s data-centric security platform can help solve these challenges and protect companies now and in the future.
To learn more about Sotero, request a demo today.