Security News > 2020 > September > Razer Gaming Fans Caught Up in Data Leak

Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer's infrastructure to the public internet, for anyone to see.

"As more organizations adopt cloud-based tools to obtain a competitive advantage, the rate of cloud application usage increases in tandem. However, most organizations are not equipped to handle the security demands of the cloud. In fact, 86 percent of companies deploy cloud applications, yet just 34 percent have single sign-on solutions in place, demonstrating a massive gap in cloud adoption and necessary cloud-security solutions."

One of the issues at play is that developers have become accustomed to deploying apps in data centers with what could be described as a "Crunchy hard outer layer," to keep their data center secure.

When it comes to the public cloud, "It just doesn't exist that way," said Ryan Olson, vice president of threat intelligence with the Unit 42 research team, told Threatpost, adding that the shift is leading to poor cloud configuration choices, which in turn are leaving sensitive data exposed.

"Moving forward, organizations must take a more proactive and holistic approach to cloud security in order to identify and remediate misconfigurations and ensure sensitive data is secured. By implementing multi-faceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties and prevent data leakage, organizations can ensure the privacy and security of sensitive information."

News URL

https://threatpost.com/razer-gaming-fans-data-leak/159147/