There are many fantastic things about the cloud computing revolution. As with everything, however, there is a price to pay for progress. Most go about their days oblivious to what that cost is, but if you’re a Verizon customer, that price has become all too real.

Earlier this week, Verizon confirmed that personal info associated with over 6 million customers was left unprotected and made publicly available online. This information includes names, phone numbers and the PINs required when a customer calls in to customer service.

Did hackers break into the Verizon network by brute force and pillage their data archives?

Was this an inside job: a disgruntled employee leaking confidential information in an effort to stick it to the man?

No, nothing so nefarious or clandestine. The answer is as boring as it is simple: a misconfigured rule for an Amazon S3 bucket made the data contained therein accessible to anyone with the URL… no username or password required.

The reported cause of this was simple human error. Given the complexity of Verizon’s cloud infrastructure, I doubt that you could equate this with negligence or incompetence on the part of a DevOps guy. More than likely there was a change made somewhere else that had a ripple or cascade effect out to other systems, resulting in a rule or permission being changed and leaving the S3 bucket unprotected.

The moral of the story here is that complexity invites failure. For every additional parameter, container, rule, bucket or virtual machine that gets added to the environment, an additional point of failure is added as well. Verifying security on a system with 6 elements is relatively simple. Doing the same for a system with 600 elements, or even 6,000 elements, is another thing entirely.

As cloud infrastructure gets larger, the verification of security settings becomes increasingly unwieldy. An automated program, such as the Cloud Conformity bot, will help manage and govern your security and management tasks, increasing the safety and security of your cloud infrastructure.

The Conformity Bot inspects every aspect of your AWS account and verifies settings and security against 270+ rules and best practices. More than just simple audit functionality, the Conformity Bot can be configured to continuously monitor your AWS Cloud infrastructure in real time.

Putting this back into the Verizon context, the Conformity Bot would have recognized in seconds that a publicly available S3 bucket was a major security risk, and sent a notification via email or directly into a ticketing system like JIRA, ServiceNow or Zendesk. The error would have been identified and fixed within a few minutes, not the 9-day period (June 13 to June 22) that it ended up taking. Who knows how far in advance of June 13th the original vulnerability existed… it could have been weeks or months!

The Verizon leak is not the last leak we’ll see this year… most likely not the last leak we’ll see this month. While a real-time monitoring solution won’t stop companies from making security errors, it will help prevent a simple error from becoming a leak or worse: a headline.