{"id":17979,"date":"2020-12-28T12:24:29","date_gmt":"2020-12-28T12:24:29","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=17979"},"modified":"2022-11-17T12:46:14","modified_gmt":"2022-11-17T12:46:14","slug":"cloud-bucket-vulnerability","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/cloud\/cloud-bucket-vulnerability\/","title":{"rendered":"Cloud Bucket Vulnerability Management"},"content":{"rendered":"

The movement to the cloud<\/a> means access to data anywhere, enhanced data recovery, flexibility for collaboration, and less of a burden on IT staff. But, while cloud providers boast that their storage services \u2014 or \u201cbuckets\u201d \u2014 offer added application security<\/a>, they have also consistently proven vulnerable.<\/p>\n

A bucket is a virtual storage unit provided and partly<\/em> maintained by a cloud services provider. Much like a file folder on your computer, buckets store data in place of on-location IT infrastructure. As cloud computing has become increasingly popular, bucket breaches have exposed millions of records to the public Internet. The good news: most cloud bucket vulnerabilities are due to misconfiguration and are manageable with appropriate attention to detail.<\/p>\n

Also Read<\/strong>: Top Threat Intelligence Platforms (TIP) for 2021<\/a><\/p>\n

<\/a>Identify cloud bucket vulnerabilities<\/h2>\n

Since 2004, there have been 11,000 US data breaches<\/a>. Organizations affected include Verizon, Accenture, Home Depot, Yahoo, Capital One, LinkedIn, and the Pentagon. These breaches left contact information, account passwords, credit card numbers, private photos, and more exposed.<\/p>\n

While buckets are private-by-default, plenty of buckets are for public use and reconfigured for that purpose. But in the process of adjusting the bucket\u2019s configurations comes the greatest risk to your cloud security<\/a>. Enumeration of different cloud services has frequently found buckets granting read-only or full admin privileges to general platform users or anyone online. Missing just one security checkbox for your organization\u2019s cloud can open the door to any bad actor.<\/p>\n

Also Read<\/strong>: Top Vulnerability Scanning Tools<\/a><\/p>\n

<\/a>Reliance on cloud computing grows<\/h2>\n

Gartner reports that by 2024, more than 45% of IT spending<\/a> on infrastructure, application software, and business process outsourcing will shift from traditional solutions to the cloud.<\/p>\n

This increasing investment and reliance on cloud technology means that targeting misconfiguration for users isn\u2019t going away. Through a shared responsibility model, cloud providers are only responsible for the security of their cloud infrastructure\u2014everything you put into the cloud is your responsibility.<\/p>\n

Cloud vendors have been criticized for not emphasizing the risk of misconfiguration and cloud bucket vulnerability, but the primary culprit continues to be user error. Gartner also predicts through 2025<\/a>, 90% of organizations that fail to control public cloud use will inappropriately share sensitive data, and 99% of cloud security failures will be the customer\u2019s fault.\u00a0 No matter the provider, misconfiguration is frequently rooted in identity access management (IAM)<\/a>.<\/p>\n

Also Read:<\/strong> What is Cloud Access Security Broker (CASB)?\u00a0\u00a0<\/a><\/p>\n

<\/a>Secure your buckets<\/h2>\n

In 2020, three cloud providers made up 57% of the cloud market share<\/a>:<\/p>\n