What Happened in Marriott’s Mega Breach?

The recent mega breach of Marriott’s customers’ data is potentially devastating for the hospitality brand, exposing the credit card data of 500 million customers. Among a number of security issues identified, one was an easily guessable password for Starwood’s ServiceNow cloud computing service, where much of the customer data was stored. Another was keeping decryption keys and encrypted payment data in the same environment, which makes it easy for attackers to steal the data and the keys together and then decrypt the data.

From the article published by Forbes (Dec 3rd, 2018) about the Marriott breach: “Within the [Marriott’s] ServiceNow portal, it’s possible to access businesses’ financial records, IT security controls and bookings information.”

https://www.forbes.com/sites/thomasbrewster/2018/12/03/revealed-marriotts-500-million-hack-came-after-a-string-of-security-breaches/#75d7e815546f

ServiceNow’s database encryption option does not encrypt data at the layers above the database, such as the middleware, application, API and UI layers. Attackers could easily retrieve Marriott’s ServiceNow data with a compromised account password, giving them unlimited access to sensitive customer data. The encryption offered inside the database is of no use when hackers usually attack at the application, API and UI layers in the cloud.

This is a very common circumstance: relying on a SaaS provider’s database-level encryption to protect your customer data is a false sense of security. You need to implement security designed to protect account access, identify when an account has been compromised, and encrypt data before sending it to the SaaS provider. One major consideration is to never share your encryption keys with ServiceNow, which is what you have to do if you use their encryption feature.
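As an added illustration (not code from this post or from CipherCloud's product), here is the customer-side pattern the paragraph argues for: a record's sensitive fields are sealed with a key that stays in the customer's environment, so the SaaS database, and anyone who logs in with a compromised account, holds only ciphertext that cannot be decrypted without that key. The field names, the record layout and the key source are assumptions for the example, not ServiceNow's schema or API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// NewAEAD builds AES-GCM from a 16-, 24- or 32-byte key held in the customer's
// own KMS (assumed here); the key is never handed to the SaaS provider.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one value as base64(nonce || ciphertext || tag); that
// opaque string is all the provider, or a stolen account, ever sees.
func EncryptField(aead cipher.AEAD, plaintext string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(plaintext), nil)), nil
}

// DecryptField reverses EncryptField. A wrong key or a tampered value fails
// the GCM tag check, so the caller gets an error rather than garbage.
func DecryptField(aead cipher.AEAD, token string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(token)
	if n := aead.NonceSize(); err == nil && len(raw) >= n {
		pt, err := aead.Open(nil, raw[:n], raw[n:], nil)
		return string(pt), err
	}
	return "", errors.New("malformed stored value")
}

// ProtectRecord replaces the listed sensitive fields of a record (a plain
// field map here, a constructed stand-in for a SaaS record) with ciphertext
// before the record is sent; on error the field is blanked, not left in clear.
func ProtectRecord(aead cipher.AEAD, rec map[string]string, sensitive ...string) (err error) {
	for _, f := range sensitive {
		if rec[f], err = EncryptField(aead, rec[f]); err != nil {
			return err
		}
	}
	return nil
}
```

Decryption happens only where the key lives, so an attacker who exports the SaaS data still has to compromise the customer-side key store separately, which is exactly the separation the post says was missing.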
CipherCloud provides a cloud-native protection platform that delivers multi-layered security for these exact circumstances to keep sensitive data protected within ServiceNow – even if an account has been compromised. The combination of adaptive access control and customer-side encryption (along with a host of additional security features) guarantees your data is protected within ServiceNow even if attackers gain unauthorized access. If you’re interested in how CipherCloud can help protect your data, request a free Cloud Access Security Broker trial today.

*** This is a Security Bloggers Network syndicated blog from CipherCloud CASB+ Platform | Enterprise Cloud Security authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/blog/what-happened-in-marriott-s-mega-breach