Critical security vulnerabilities in public cloud storage

Critical security vulnerabilities in public cloud storage

September 21, 2022

We examined the "State of Public Cloud Data Security Report 2022" report, which had important insights into the current state of cloud storage data protection.

The primary takeaways from the report are the 3 steps of a hack, where a cybercriminal needs to find three related weaknesses in cloud storage protection. Such data was obtained by analyzing companies such as Azure, AWS, Google Cloud andOneDrive - scanned by Orca Cloud Security Platform from January 1 to September 1, 2022.

Protecting user data depends not only on the cyber security departments of cloud platforms, but also largely on workloads, server configurations and corporate identities, said Orca Security's CEO.

Vulnerabilities are the main attack vector - 78% of all attacks are long known vulnerabilities (CVE). Many companies also have unprotected channels S3 Buckets and Azure blob storage assets, through which confidential data is often leaked.

However, despite the server-side vulnerabilities, users also need to keep in mind 2FA, strong passwords, securing open ports and being careful when using the web, plus opening links from untrusted senders.

After having analyzed the data obtained, it is safe to say that a lot more improvements are needed in this area: patching the detected vulnerabilities, changing publicly available identifiers and implementing multi-factor protection of user data. It is very problematic to implement this all at once, so it is necessary to concentrate all efforts on solving the vulnerabilities that are already known to cybercriminals and threaten the safety of users.