One Weekend, it was discovered that in Microsoft’s Azure government cloud, about three terabytes of internal military emails were left wide open to the public without a password to view the information.
Unfortunately, this is not uncommon since security in Azure needs to be appropriately configured by the end user and checked to ensure security remains when configured changes happen inside any cloud provider. In the investigation of this event, it is believed that some kind of human error is responsible for leaving the information open to the public for approximately two weeks. Eventually,, the server was locked down and it is not accessible to the public.
These events can teach us one thing about cloud security, or lack thereof. The pure and simple truth is that, in most cases, security only exists if you turn it on inside your cloud service provider. Document your settings, then periodically check that the settings are still correct. Some clients have experienced either manual mistakes or cloud provider upgrades that cause settings to change.
Review the security offerings from your cloud provider to determine if you need those services. When you enter Azure and set up a storage bucket, you must ensure you do not leave it open to the public. As of today, you can look at scanner sites like https://buckets.grayhatwarfare.com/. You will see that over 10 percent of the Azure storage buckets are left open to the public without any permission or securities in place.
Information Technology Security is a culture, and it is something we all need to think about and ensure we are doing it correctly. Let’s all take the time to secure your data and your company data to make it a little hard for someone to take advantage of us. When you left your home to go to work today, you didn’t leave your front door wide open when you left, did you? Why would you do that in the digital world, then?
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/
