By Fei Huang
A lot of people were shocked by the recent top headline “Cathay Pacific Cyber Attack Is World’s Biggest Airline Data Breach.” Looking at the past breaches reported by British Airways and Delta Air Lines, it pains me greatly that every couple of months or even weeks we are hearing such bad news. To make things worse, Cathay Pacific took 7 months to alert passengers to the massive data leak.
At the AWS Summit Hong Kong in 2017, it was reported that Cathay Pacific was in the process of replacing its legacy systems as part of a move to a hybrid cloud infrastructure. The airline is reportedly using software from RedHat to build the underlying open platform infrastructure, and using Amazon Web Services to host customer-facing applications such as the online check-in system, flight schedules, fares and web hosting. The front-end applications are migrating to modern cloud services or micro-services that access customer data at the back-end.
Cathay Pacific didn’t disclose the details of the origin of the attack, but it was stated that malicious network activity had occurred on their internal network. In fact, many enterprises lack the tools to lock down their internal environments, for example the databases that hold sensitive customer information. Most traditional security solutions focus on protecting the front-end or the entry point to the data center, but in a cloud and container based environment the internal systems and networks must be protected as well.
Traditional platform security solutions also rely too heavily on built-in scanning capabilities that report counts of known vulnerabilities or produce a compliance report. But once a security flaw is accidentally introduced into database code by a developer, or a new zero-day network threat hits the service, the attack quickly becomes an insider attack within the data center, where those scanners offer no protection.
Here is a snapshot from breachlevelindex.com, which tracks worldwide data breaches:
These top breach sources can tell us something about the weakness of today’s defenses:
Cloud applications based on containers are growing rapidly, with almost all enterprises, including Cathay Pacific, deploying containers to their private, public or hybrid clouds. At these enterprises the basic security protections are already in place, for example scanning, CIS benchmarking, image assurance, encryption, compliance and so on. But this is not enough; these controls cannot efficiently address the top runtime breaches in a modern cloud deployment.
In a production Kubernetes environment, security has to be integrated deeply with a container native security mesh. This is the best way to achieve defense in depth. We are living through an exciting technology revolution, with cloud services and data available everywhere, 24×7. It makes sense that the same always-on requirements should apply to the security protections around these services.
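As an added illustration of locking down a back-end customer database inside the cluster (this is example configuration, not from the original post or from Cathay Pacific), the following Kubernetes NetworkPolicy pair denies all traffic to and from the database pods by default and then allows only the online check-in service to reach the database port. The namespace names, pod labels and port number are assumptions chosen for the example.

```yaml
# Added example (not from the original post): restrict which workloads may reach
# a customer database running in Kubernetes. The namespaces, labels and port
# below are assumed for illustration; adjust them to the real deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: customer-db-default-deny
  namespace: customer-data        # assumed namespace holding the database
spec:
  podSelector:
    matchLabels:
      app: customer-db            # assumed label on the database pods
  policyTypes:
  - Ingress
  - Egress
  # No ingress or egress rules are listed, so every connection to or from the
  # database pods is dropped unless another policy explicitly allows it.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: customer-db-allow-checkin
  namespace: customer-data
spec:
  podSelector:
    matchLabels:
      app: customer-db
  policyTypes:
  - Ingress
  ingress:
  - from:
    # namespaceSelector and podSelector in the same entry are ANDed: only pods
    # carrying app=online-checkin in the "frontend" namespace match.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: frontend   # assumed check-in namespace
      podSelector:
        matchLabels:
          app: online-checkin     # assumed label on the check-in pods
    ports:
    - protocol: TCP
      port: 5432                  # assumed database port (PostgreSQL)
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them, and the default-deny egress rule also blocks DNS from the database pods, so an explicit egress rule for the cluster DNS service is needed if they resolve names.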
I know I will still fly with Cathay Pacific, but at the same time I hope that companies, especially large enterprises, will make it a top priority to include cloud security products and their security teams when adopting new cloud native architectures.
Finally, I would like to say that cloud security issues are truly impacting everyone’s life, whether you are a technologist, a security specialist or just a consumer.