Connect with us

Hi, what are you looking for?

Tech & Science

CenturyLinks’ suffers data breach with cloud computing system (Includes interview)

With the CenturyLink issue, the personal information of hundreds of thousands on CenturyLink customers, including name, addresses, email addresses, and phone numbers was exposed online during October 2019.

CenturyLink said in a statement sent to Comparitech that “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised. CenturyLink is in the process of communicating with the affected customers.” Nevertheless, the data breach raises some concerns and it is a further example of highly sensitive consumer data left exposed because of a simple security mistake.

To understand the significance of the data breach, Digital Journal spoke with DivvyCloud Co-Founder and CTO Chris DeRamus. DeRamus looks at the increasing number of data breaches caused by misconfigurations and the proper security strategies and steps that need to be enforced by companies to mitigate this risk.

DeRamus begins by placing the data breach in context with other data-issues that are affecting the business community, largely through poor design: “The recent CenturyLink MongoDB database leak is just one of a long list of serious data breaches caused by misconfigurations.”

In terms of parallel cases, DeRamus notes: “It was just earlier this year when security researchers discovered Verifications.io’s unprotected, publicly accessible MongoDB database, exposing nearly 809 million records containing employee and business data.”

Such weaknesses mean that enterprises need to safeguard data more securely. DeRamus notes: “Within every company, data is king and collecting, storing and leveraging data is essential to running a business effectively. Companies need to ensure proper security in their own IT environments, but also ensure that their partners, vendors and other connected parties are leveraging best practices and advanced tools to keep data safe.”

In terms of the fundamental issues, DeRamus sees the way that firms approach data handling as common cause for errors. Here he finds: “A common, troublesome theme we see is companies adding on security services piecemeal each time a new digital service is deployed instead of investing in an innovative strategy that is adaptable, scalable and automated. Such security solutions, that evolve with a company’s business needs, enable innovation while still protecting critical data and infrastructure.”

Based on this, he outlines the most appropriate solution: “In this incident, and in almost all of the incidents involving misconfigured cloud databases, automated cloud security solutions would have been able to detect the misconfiguration in real time and either trigger immediate remediation, alert the appropriate personnel to address the issue, or prevent the misconfiguration from ever being put into production in the first place.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The partnership will raise awareness of the vital role that CIOs and senior technology leaders play in shaping the future of business.

Entertainment

Pop star and Disney actor Asher Angel chatted about his new music, which included his new single and music video for "alternate ending."

Tech & Science

Decision support systems (DSS) have been part of healthcare for a long time, aiding clinicians with diagnostic tools, treatment guidelines.

Tech & Science

Microbiologists are transforming fatbergs into perfumes.