Blobfish! The Store of the Azure BLOB
The smooth-head blobfish, Psychrolutes marcidus, is a deep-sea fish from the coastal waters of Australia and New Zealand. Its main characteristic is that it looks hilarious, like a sad man perhaps, as you can see from the graphic below.
Why am I talking about a blobfish's habits and characteristics on a data security blog? Because last week we saw an insecure Azure Blob belonging to a FISHing company land them in proverbial hot water…
The company in question, Raven Hengelsport in the Netherlands, was guilty of storing 18GB of data in a publicly accessible blob, which contained 450,000 data sets, logs and customer order details from their punters across Europe.
I cannot comment on the reasons behind Raven choosing Azure Blob, and only they will be able to give the details on the open accessibility. But if we consider what could have happened had they implemented Managed File Transfer (MFT), either alongside or in place of the blob, things could have been very different.
1. Logs
There may have been a very good reason for the open accessibility. But if you're not keeping track of that open access, you'll be unable to confidently gauge what was picked up, and by whom. MFT servers log all interactions with your data: who, what, where, when, etc.
2. Ease of configuration
The problem with new types of infrastructure is that they often take time to learn. I'll assume Raven didn't really want this level of data publicly accessible, or at least not for a long period of time. If this was indeed a poor configuration, MFT platforms provide ease of configuration and consistent permission application across all transfer protocols.
3. Keep Data under your jurisdiction
This doesn't just apply to Azure Blob, but to any outsourcing, offshoring or handing over of data to a cloud provider or hyperscaler. With MFT housing your data, it remains under your control and jurisdiction.
Finally, if the need for Blob was absolute, securing your IaaS deployments can be achieved through use of a CASB platform. This type of software lets you define policy in terms of configuration and evaluate it against misconfigured instances such as this one, reporting on where an exposure exists or preventing one altogether.
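As an added illustration (not code from HANDD, Raven or any CASB product), here is the kind of configuration check such a platform runs, written in Python over constructed sample data: it flags containers reachable anonymously and, separately, containers whose public ACL is only held in check by the account-level switch. The field names assume the JSON shape returned by the Azure CLI (`allowBlobPublicAccess` on the account, `properties.publicAccess` on the container).

```python
# Added example: evaluate Azure Blob storage settings against a
# "no anonymous access" policy, the kind of check a CASB performs.
# Field names mirror `az storage account show` and `az storage container list`
# output (an assumption); the data below is constructed, not real.

SAMPLE_ACCOUNTS = [
    {"name": "ordersprod", "allowBlobPublicAccess": True,
     "containers": [
         {"name": "customer-orders", "properties": {"publicAccess": "container"}},
         {"name": "logs", "properties": {"publicAccess": "blob"}},
         {"name": "backups", "properties": {"publicAccess": None}},
     ]},
    {"name": "archive", "allowBlobPublicAccess": False,
     "containers": [
         {"name": "old-orders", "properties": {"publicAccess": "container"}},
     ]},
]


def container_exposure(account, container):
    """Return 'anonymous-list', 'anonymous-read', 'latent' or None."""
    level = container.get("properties", {}).get("publicAccess")
    if level is None:
        return None  # private container: nothing to report
    # The account-level switch overrides the container ACL. A public
    # container under an account with allowBlobPublicAccess=False is not
    # reachable anonymously today, but becomes so the moment someone
    # flips the account switch, so it is reported as latent risk.
    # A missing switch is treated as enabled (older accounts defaulted to it).
    if not account.get("allowBlobPublicAccess", True):
        return "latent"
    # "container" exposes listing of every blob; "blob" exposes reads by URL.
    return "anonymous-list" if level == "container" else "anonymous-read"


def audit(accounts):
    """List (account, container, exposure) for every non-private container."""
    findings = []
    for acct in accounts:
        for c in acct["containers"]:
            exposure = container_exposure(acct, c)
            if exposure:
                findings.append((acct["name"], c["name"], exposure))
    return findings
    # Remediation for a flagged account (Azure CLI):
    #   az storage account update --name <account> --allow-blob-public-access false


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCOUNTS):
        print("%s/%s: %s" % finding)
```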
For more information on the Raven incident click here.
Should you wish to speak to the HANDD team about anything you have read, please contact us at info@handd.co.uk
For more information on Blobfish click here.