In the past year, we witnessed everything from security breaches to the complete cutoff of the most used social applications due to preventable misconfigurations. Before going into the details of these incidents, let’s see why such misconfigurations occur.
When organizations push out new applications and application updates at top speed, it’s no surprise that the security teams struggle. One small unforeseen error could cause downtime or reveal a vulnerability that could easily be exploited.
Configuring a network can be a hugely complicated task, and issues often arise due to poor judgement or simply from not being able to see what’s happening across the entire infrastructure. In the best-case scenario, you find these issues before they lead to a serious crisis. But in the worst-case scenario, you might end up having to deal with a crippling security breach and reputational damage. We’ve seen dozens of examples over the last 12 months alone. Here are some highlights:
Large-scale data breach for streaming platform Twitch
The live-streaming platform Twitch confirmed that it was the victim of a large-scale data breach. The breach exposed its source code as well as other confidential data. In the aftermath, Twitch attributed the cause of the breach to an error in a server configuration change. They said that the error was “subsequently accessed by a malicious third party.”
Fastly configuration error turns off internet
In June 2021, large areas of the internet went down with the 503: Service Unavailable error message after Fastly, a US-based content distribution network (CDN), suffered a configuration issue. For almost an hour, sites like Amazon and eBay were inaccessible, costing these companies millions of dollars’ worth of revenue.
Facebook disappears from the internet
Facebook, WhatsApp, Instagram, and any services that depend on Facebook services were unavailable for six hours in October due to a configuration change that disconnected the applications from the internet. As the story developed, it became apparent that the incident was caused by a configuration issue within Facebook’s BGP (Border Gateway Protocol), one of the systems that the internet uses to get your traffic where it needs to go as quickly as possible. You can read more about our analysis of the outage here.
How can configuration errors be mitigated?
In large organizations, the number of applications and cloud accounts could run into the thousands. This is quite a challenge for IT teams that are responsible for the ongoing security of the network. With such a complex hybrid network environment, managing network security can become not only tedious but also risky, and difficult to execute unless automated.
Enterprise-wide automation of application connectivity flows and security policies is proven to enhance business agility without introducing the risk, vulnerability, or compliance problems caused by manual, ad-hoc processes.