We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
As more organizations rely on third-party providers for services such as marketing, support, and operation, they are also depending heavily on these providers to protect the data properly. Recent research found that 21% of companies have their cloud storage located in a single region, said third-party security risk management platform provider Panorays.
The service providers may be storing the organization’s data with a cloud provider, and that could expose the organization to risk if the storage is not properly configured. For example, a service provider could host a website within a cloud storage bucket, such as Amazon Web Services Simple Storage Service (S3). The default configurations can lead to security issues because they make the server object and file contents publicly accessible.
Panorays assessed the external cloud infrastructure of third parties’ cloud providers as part of its research. More than 20% of companies have their cloud storage in a single region. This is not surprising, since it’s cheaper and easier for companies to deploy single-region architecture. However, this practice can be problematic when faced with disaster recovery, which is why it’s not recommended.
Panorays checked if specific cloud services were exposed to the public because exposed cloud infrastructure resources increases risk and the organization’s attack surface. From the tens of thousands of storage buckets found in our assessment, 5% were found to have public browsing/listing permissions.
Panorays also checked if the services were located in a single geographic region since having different regions is recommended for business continuity.
These buckets belonged to professional companies and not private individuals, which may explain why the figures were lower than expected, said Demi Ben-Ari, Panorays co-founder and CTO. “Nevertheless, we expected this to be even lower, considering that open buckets remain a pressing problem that has gained a great deal of publicity lately.”
Read the full research from Panorays.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.