Google Further Strengthens its Cloud Security, Over 500,000 Car-Tracking Device Passwords Leaked and More in This Week’s News
Google Announces New Cloud Security Initiatives
Last week Google announced two new initiatives that are bound to further strengthen their presence in the cloud security sphere.
Forseti Security and Google Cloud Endpoints are the new frameworks that will be available to developers. The first, Forseti Security, is a joint effort brought forward with Spotify aimed to develop an open-source security toolkit that focuses on GCP security.
Forseti has three main features. It catalogues and informs developers about what’s present in their cloud. Then the Scanner feature offers both monitoring and warning systems. Last, the Enforcer feature makes sure that policy files and resources stay as intended, by detecting and fixing GCP resources discrepancies through Google Cloud APIs.
The second project, Google Cloud Endpoints, is meant to help developers better manage their APIs. It mainly deals with API keys and the way developers distribute them, by giving them control over JSON Web Tokens.
Google has been moving aggressively to boost their cloud security. The new tools in the cloud security toolbox are just confirming it.
Passwords for 540,000 Car Tracking Devices Leaked
Over half a million records from the SVR Tracking company have been leaked. The exposed data contains personal and vehicle data of both drivers and businesses using the service.
The wide open misconfigured Amazon web server was first discovered by Kromtech Security Center. The public storage bucket left publicly accessible a cache containing some 540,000 SVR accounts.
The leaked data contained email addresses and passwords, users’ vehicle data (VIN – vehicle identification numbers, and GPS IMEI numbers), as well as information on 427 dealerships that use SVR’s services.
The exposed database contained exact information about exactly in the car the physical tracking unit was placed. It is still unclear if the data was accessed by hackers.
Cloud Apps Growing in Popularity – 40% of European Organisations Uses Them
According to a recent research by IDC, 25% of EU businesses are using a hybrid approach to app hosting. The cloud, however, is becoming increasingly popular, with 40% of organisations claiming they keep on and off-premise environments separated.
IDC also found that 31% of businesses prefer hosting front-end tech on the public cloud, with back-end infrastructure on on-premise. The company also said it doesn’t seem as a sustainable model on the long run.
“Connecting cloud environments with ad hoc bridges in a hybrid fashion won’t be enough in 2018, (…) Nor will standardising on one external provider, at least for large or innovative companies. Developers and line of business require ‘best of breed,’ and the purchasing department wants to avoid being locked in.“
Giorgio Nebuloni, Research Director @ IDC European Infrastructure Group
The research has once again highlighted the need for businesses to embrace a multi-cloud strategy in order to optimize their app environments.
Viacom Leaves Data Up for Grabs on Unconfigured Amazon Server
A researcher from UpGuard recently discovered a misconfigured Amazon Web Server S3 cloud storage bucket with around 1GB of credentials and Viacom backend configuration files.
The exposed credentials could have easily been misused by hackers to bring down Viacom’s IT infrastructure. The available data could also have granted access to MTV, Paramount Pictures and Nickelodeon cloud servers.
The exposed data also contained Viacom’s master key to Amazon Web Services account, and the credentials required to build and maintain Viacom servers.
UpGuard contacted Viacom executives promptly. All the credentials have since been changed and the server has been secured. It’s still unclear if hackers were able to exploit the “up for grabs”. The media giant, however, claims there is no evidence of data abuse.
SAP Acquires Gigya to Bring Identity Management to its Hybris Suite
SAP announced the acquisition of identity management company Gigya. The deal, which has been widely reported to be worth some $350 million, is aimed to integrate Gigya features into SAP’s Hybris platform.
The move will allow Europe’s largest software company to further expand its e-commerce services.
“Gigya brings a wealth of skills and expertise that will significantly enhance the SAP Hybris Profile solution and allow us to take leadership of the emerging customer identity and access management market“
Carsten Thoma, President and Co-founder @ SAP Hybris
Gigya serves roughly 1.3 billion customers globally across sites that use its software to manage identities and profiles. The deal will ultimately enable SAP to track the details of where and how customers shop, whether it be online, in-store or through mobile apps.