Many companies aren’t properly securing their databases, like the one I wrote about this morning. But we have some numbers. CyberNews quotes “29,000 unprotected databases worldwide exposing 19 petabytes (19,000 terabytes, 19,000,000 gigabytes, etc.) of data.”
To conduct this investigation, we used a specialized search engine to scan for open databases of three of the most popular database types: Hadoop, MongoDB, and Elasticsearch. While performing the search, we made sure that the open databases we found required no authentication whatsoever and were open for anyone to access, as opposed to those that had default credentials enabled.
Check It Out: Over 29,000 Databases Expose 19 Petabytes of Data
Andrew:
19 petabytes? Is that a lot?
This has morphed from absurdity through insanity to obscenity. So, these isolated cases are not the tip of an iceberg; they are the tip of a submerged continent.
If this were the airline industry, by now all planes would be grounded pending a thorough review, and not be permitted to fly without a fix combined with tighter regulation.
Companies that request user data, for any reason, should be required to:
Provide the user with a rationale for said data
Have limits on the duration and extent of use
Have a user safety switch whereby the user can ‘wrest control’ of their data at any time (i.e., withdraw consent for said data use)
Submit their data management protocols and safety measures to third-party (regulatory) review at pain of penalty, including loss of license, for failure to comply
Submit those protocols, safety records, and actual use cases to routine but periodic inspection in order to qualify for continued use of said data
Data are not only the new oil (or profitable natural resource of your choice); they come with perishable lives attached, and need to be guarded accordingly.