Here’s a New Free Tool to Discover Unprotected Cloud Storage Instances

The ImmuniWeb® Community Edition is a set of free online tools to verify your application security, privacy and compliance, detect phishing, domain squatting and Dark Web exposure, running over 100,000 daily tests. The new free cloud security test enables cybersecurity and IT professionals to identify unprotected cloud storage of their organizations in a simple and swift manner to prevent data leaks and security incidents.

Cloud Security Challenges Surge in 2021

The Verizon Data Breach Investigations Report (DBIR) 2021 says that the number of cloud security breaches has surpassed the number of data breaches involving on-premise assets for the first time in the Internet history.

In the meanwhile, organizations of all sizes rapidly migrate to a cloud environment. Gartner’s most recent cloud forecast says that public cloud services will grow 25.9% in 2021. Gartner also predicts that in 2025, over 99% of cloud breaches will be attributable to preventable misconfigurations or other mistakes made by cloud users, such as excessive permissions, weak API authentication, or publicly exposed cloud instances, storage or other resources with sensitive data.

Forrester likewise predicts growing challenges for compliance in a cloud environment, citing a critical vulnerability in Microsoft Azure’s Cosmos DB disclosed in August 2021 that is, however, not attributable to users’ negligence or misconfiguration.

Unprotected Cloud Storage Disaster

Under a narrow set of circumstances, a cloud storage, for example AWS S3 buckets, may require to be publicly accessible to provide external users with public data such as images or videos. In reality, a misconfigured and unprotected cloud storage is one of the most widespread causes of disastrous data leaks and breaches in a cloud environment.

The situation is exacerbated by swift proliferation of small cloud providers that offer their own cloud storage services that have insecure settings by default. Given that countless organizations migrate into a cloud without investing into adequate security training of their technical teams, they are sitting on a powder keg ready to explode.

Modern cloud storage services share similar weaknesses stemming from incorrect usage of access policies, excessive IAM permissions or even completely missing authorization mechanisms. Shadow cloud accounts or unknown cloud assets make the situation even more complex in a multi-cloud environment. Eventually, petabytes of confidential data are regularly found by security researchers and Black Hats in the wild, keeping CISOs and DPOs awake at night. Unsurprisingly, the IDC cloud security survey of 2021 reveals that 98% of companies experienced a cloud data breach within the past 18 months.

Free Cloud Security Test

The new online test by ImmuniWeb aims to provide cybersecurity and DevOps teams with a simple way to detect unprotected cloud storage operated by their organizations. To launch a test, just enter a URL of the main website of your company:

The new test may take up to 15 minutes and goes through externally accessible cloud storage of the following public cloud services providers:

• Amazon AWS
• Microsoft Azure
• Google Cloud Platform
• IBM Cloud
• Alibaba Cloud
• Oracle Cloud
• Linode
• Vultr
• Dreamobjects
• Digital Ocean
• Rackspace Cloud
• Wasabi
• Backblaze
• Mail.ru Cloud
• Yandex.Cloud
• Tencent
• Storj
• Selectel
• SberCloud

The free test shows your public cloud storage that belongs or is attributable to your company. For the purpose of GDPR or LGPD compliance requirements, the test shows a country where your data is physically stored. It also sheds light on cloud storage misconfigurations, such as missing SSL/TLS encryption.