03/14/2019

Is Your Cloud Service Properly Configured?

Poor configuration can unwittingly leave sensitive data in the public sphere

The cloud is an important part of the modern workforce, but poor configuration of key tools and improper training can unwittingly leave your most sensitive data in the public sphere.

This is the finding of a security firm, Adversis, which is warning about one tool in particular, Box Enterprise. The firm noted that the technology was designed in a way that made it easy to share a link publicly, trace it back to the original company (because the Box account is associated with a company through a subdomain) and potentially download files that have previously been linked publicly through intelligence-gathering techniques. This issue is most concerning for files shared using custom URLs, which can be easier to guess than the randomized links upon which Box generally relies.

The problem, the firm noted, is essentially the same as one you might find if you’re using a file service on Amazon’s Simple Storage Service (S3): someone who is willing to dig through a public folder might just find something good. But considering the use case is different—a Box server is intended as a way to safely share valued corporate information, and generally allows for detailed controls on access—this finding is worrying, Adversis says.

Please select this link to read the complete article from Associations Now.