AppSec/API Security 2022

TikTok breach allegations highlight cloud platform security

Reading time: 5 minute

TikTok, the short-video hosting service owned by Chinese company ByteDance, is no stranger to controversy. Unfortunately, the social media giant is in the news again due to an alleged data breach.On Monday, several cybersecurity analysts tweet Regarding the discovery of an allegedly insecure server that allowed unauthorized access to TikTok’s storage. Apparently, the server allows access to the data of up to 2 billion users.

One user BlueHornet|AgaisntTheWest highlighted the alleged data breach in the conversation, tweeting the following:

“Who would have thought that @TikTok would decide to store all of its internal backend source code on a single Alibaba Cloud instance with junk passwords?”

Others claim to have found Tik Tok user data sold online. Cybersecurity analyst and security researcher Dominic Alvieri shared a picture of the dataset for sale.

Most recently, TikTok’s security chief stepped down while the company began moving U.S. user data to the Oracle Cloud to fend off allegations that Chinese employees had access to U.S. user data.

Just a few days ago, Microsoft said it found a “critical vulnerability” in TikTok’s Android app that “would allow an attacker to compromise a user’s account with a single click.”

The vulnerability Microsoft identified is a narrower issue that could affect phones running Android. A TikTok spokesman said the company responded quickly to Microsoft’s findings and fixed security flaws “found in some older versions of the Android app.”

The representative responded to the new security incident by denying the allegations. A spokesperson said, “The claim about the breach uncovered over the weekend is incorrect. Our security team investigated this claim and determined that the code in question is completely unrelated to TikTok’s backend source code.”

Australian Cyber ​​Security Advisor and already owned Data breach site Troy Hunt went through some of the data samples listed in the leaked documents and found a match between user profiles and videos posted under those IDs. He found the details contained in the leak were “publicly accessible data that could be constructed without breach.”

Mr Hunt expressed concern that the breached data was inconclusive, saying, “So far it has been inconclusive; some of the data matched production information, albeit publicly accessible. Some of the data was garbage, but it was probably non-production or testing. data,” according to his Twitter. “So far, it’s been a bit complicated.”

While the controversy continues, the so-called TikTok data breach clearly highlights concerns about managing data in the public cloud. Whether it’s Google Cloud, Alibaba, Oracle, or any other major cloud provider, TikTok seems to have the same cloud strategy as many global organizations.

The team at TikTok is very public and their cloud security and governance strategy is dedicated to better governance and protection of U.S. data. Just on July 17, you can read TikTok’s U.S. Security Public Policy Highlights of Albert Calamug’s partnership with Oracle to take multiple steps to better secure its apps, systems, and U.S. user data. This commitment to “a process of continuous innovation and improvement in user experience and security controls” is not too different from that of other global cloud organizations. So, what are the common challenges facing CISOs in organizations today? Well, it all starts with understanding who is responsible for a data breach.

Who is responsible in the event of a data breach?

Gartner Research predicts that by 2022, at least 95% of cloud security failures will be the customer’s fault, and TikTok, like any other business, could fall prey to that statistic. This story nicely illustrates the confusion over who is really at fault when it comes to cloud vulnerabilities. Major cloud providers, such as AWS, Azure, GCP, and Oracle, operate on a shared responsibility model.

AWS Shared Responsibility Model
CSP Shared Responsibility Model Example

The model specifies that the cloud service provider is responsible for the security of the cloud “for” such as basic infrastructure, while the customer must protect everything in the “cloud” – such as data, identity and basic configuration. Just being in the cloud doesn’t guarantee protection.

The organization itself, the data owner, is responsible for data security. For this reason, they are often considered responsible for violations, even under a shared responsibility model. There may be evidence that data holders have compromised their own security by implementing erroneous updates or giving third parties excessive access (for example, engineers whose patches resulted in data exposure).

When it comes to cloud security breaches, most examples show that storing data in the cloud is the riskiest. Often, investigators will rule that the data owner (i.e. the organization) is at fault. Most companies now have data security policies and procedures. The mistake many people make is that these on-premises approaches don’t scale to the cloud.

Defense in depth is dominated by network controls, and they rely on traditional network security controls. This reliance on managing the cloud as a traditional environment is a huge mistake in cloud security strategy. The foundation of information security in the public cloud should focus on identity security that controls access to cloud resources and data. Security experts recognize that “identity is the new frontier for protecting public cloud data,” so proper identity security is critical to managing access-related errors.

Each machine, server, user, virtual machine, and piece of computing can carry its own unique identity, which becomes the new “boundary”. By denying access to any machine or process that fails to provide an identity with the correct permissions, organizations can prevent unauthorized access while allowing business processes to continue enforcing least privilege.

Find a solution

No matter how the TikTok breach allegations falter, our message is the same: Protect your cloud with comprehensive cloud security.The best platform security includes context from each pillar of the cloud – identity, data or workload

Being aware of shared responsibility, and better yet, being prepared to take steps to reduce risk in a cloud environment is half the battle. If your organization wants to better ensure that your cloud is securely provisioned at the most fundamental level, there is a solution.

Sonrai Security provides complete public cloud security solutions for Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud. Sonrai identifies and monitors all relationships between workloads, identities and data stores across your various cloud platforms, providing security teams with a continuous view of all risks, unusual activity and automated remediation. With identity and data at the heart of our solutions, you can protect against cloud risks such as data breaches, unauthorized access, and more.

*** This is Sonrai’s Security Blog Network Syndicate Blog | Enterprise Cloud Security Platform by Eric Kedrosky. Read the original article:

Leave a Comment

Your email address will not be published.