Dec 7, 2021
0 0

Kafka Cloud Clusters Expose Sensitive Data

Written by

Some of the world’s largest companies have exposed large amounts of sensitive information from the cloud, researchers said – thanks to misconfigured Kafdrop services.
Kafdrop is the management interface for Apache Kafka, an open-source, cloud-native platform for managing data streams. Kafka has several common use cases; for instance, in the finance sector it’s often used for real-time data processing in order to catch and block fraudulent transactions as they occur. It the internet of things world, it can support “just-in-time” resource allocation for smart-grid applications and the like. Other uses include tracking application activity (user clicks, registrations, time spent on certain pages or features, orders, etc.); and event logging or real-time monitoring.
Trevor Morgan, Product Manager, comforte AG shared the following thoughts:
“One way to help avoid Kafdrop-related messaging and traffic issues is through data-centric security. Outmoded data protection methods that rely on securing perimeters and environments around sensitive data really don’t address these types of problems we’re seeing with Kafdrop when data is in motion. A much better way to ensure data security is to apply protections directly to the data itself, in essence to make that information unreadable as soon as it enters your enterprise data ecosystem. Most people are familiar with one technique, which is classic encryption, although encryption comes with sometimes-complicated key management and does not necessarily preserve data format. That latter point can lead to lengthy and expensive integration with other business applications to account for encrypted fields.
Methods such as tokenization and format-preserving encryption can be much easier to implement within existing business application workflows due to native data format preservation. The goal with tokenization is to obfuscate sensitive enterprise data by replacing readable data elements with innocuous tokens, so even if threat actors get their hands on the data, it is incomprehensible and therefore cannot be leveraged for gain. The main point to remember is that some sort of data-centric protection is necessary when dealing with sensitive data and information in your business environment, especially to guard against potential vulnerabilities introduced by add-on technologies like Kafdrop.”
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance


Article Categories:
Mobile Security

Comments are closed.