Majority of public cloud databases are unencrypted

Research has revealed that 82 per cent of public cloud databases are unencrypted, leaving them completely open to cyber attacks and data theft.

Conducted by RedLock, the study also revealed that a third of public databases are also completely open to the internet, which makes them easier to access than those stored in private clouds. However, 40 per cent of organisations using these environments leave their storage resources open to the public.

The need for research was brought to light following a ransomware attack on MondoDB, after which GDI Foundation security research Victor Gevers found that hackers were exploiting the firm's databases due to poor set up and public access, and ultimately holding the company to ransom over their data.

Additionally, the research found that there are up to 4.8 million publicly available records holding sensitive data, including health records and information that features personally identifiable information.

RedLock added that there are many other factors that could leave public cloud databases equally vulnerable to attacks, such as allowing employees to have access to sensitive information, lack of controls on user access and a lack of security expertise within an IT team.

Commenting on the results of the study, Gaurav Kumar, CTO of RedLock and head of the CSI team: "Public cloud computing environments are incredibly dynamic—our research shows that the average lifespan of a cloud resource is only 127 minutes—and traditional security strategies can’t keep pace."

He added: "Our report, which analysed over one million cloud resources and twelve petabytes of network traffic, unmistakably shows the need for solutions that help manage security and compliance risks with ease, speed, and automation."