While many companies and individuals are using the Cloud as a lockbox for personal information, it’s become a one-stop-shop for hackers looking to steal data, according to Fast Company. Nowadays, hackers are sending bots to scour GitHub, a source code management system, to find the virtual keys to cloud systems.
As a result, cloud managers are trying to add an extra layer of protection to their Cloud storage banks. For example, HashiCorp now has an open-source tool called Vault, which stores and encrypts sensitive credentials, and tightly regulates who and what programs can access them, Fast Company says. The solutions also logs who accesses which data, and when. “In some cases, it can also generate temporary credentials that give people permissions to use Cloud resources for a limited time,” Fast Company says.
Amazon recently launched AWS Secrets Manager, “its own credential management tool,” which will help users utilizing Amazon, according to Fast Company. The tech giant also offers Amazon Macie, which “uses machine learning to detect unusual access patterns to cloud storage and uploads potentially sensitive data like access keys.” Amazon also took steps to prevent users from accidentally storing passwords and other important information by developing source code repositories, among other tools to wipe out credentials from existing code.
Other tools like UpGuard’s BreachSight “help detect if secure data is being sent and stored where it doesn’t belong,” Fast Company says. BreachSight combs the internet and alerts companies if any code, credentials and/or other personal data have been exposed.
Mike Baukes, cofounder and co-CEO, says that hopefully, tools like these will be included in future cloud computing contracts, which will give companies a leg up on cloud security from the get-go.
“What we’ll see over time is a lot of those services will just be bundled in for developers to use by default,” he told Fast Company.