Microsoft Azure Cosmos DB incident underscores the need to closely watch cloud data

Companies whose data had been accessed by researchers in the process of discovering a significant vulnerability in Microsoft’s Azure Cosmos DB service should rotate their keys immediately, and all users of the database service should institute role-based access controls.

That’s among the recommendations Microsoft included in a blog post published last week after being notified by cloud security firm Wiz.io that the company had found a pathway to access other firm’s data stored in the service. Researchers with the firm Wiz.io reported a vulnerability in the way Microsoft had integrated the Azure Cosmos DB service with Jupyter Notebooks, an open source data science platform for creating interactive workspaces.

Anyone who created a Cosmos DB instance and then used Jupyter Notebooks could access other customers’ instances, according to the researchers.

But the incident did not result in any data being accessed by anyone besides the researchers, Microsoft said. “Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers,” Microsoft stated in its Aug. 27 blog post, adding that it performed a broad forensic analysis. “We … expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past. Our investigation shows no unauthorized access other than the researcher activity.”

The incident was a reminder for companies that even the Big Three cloud providers can make mistakes and that organizations have to still worry about cloud database security. While managed services are more typically secure, because such services also host a large number of organizations, a single vulnerability can have a major impact, says Karl Sigler, senior security researcher at Trustwave’s SpiderLabs.

“The risks are different in that cloud environments typically have dedicated teams performing ongoing audits, patching, monitoring, and confirming ‘best practice’ configuration,” he says. “However, zero-day issues like this one with the Cosmos DB may have a much more severe impact than on-premises databases when exploited due to shared environments.”

To read the complete article, visit Dark Reading.