New Cloud Category Evaluates How Third Parties Manage Data with Cloud Services
NEW YORK, May 25, 2021 – Panorays, a rapidly growing provider of third-party security risk management, today announced new research using data from a unique assessment category that evaluates how third parties manage their data with cloud services. The research, based on thousands of third parties that were tested, yielded the following important findings:
- The most common issue was cloud storage in a single region (21%).
- The most surprising issue was having a public listing for a cloud storage bucket (5%).
- Cloud security issues were found among 27% of third parties tested.
- The vast majority (84%) of the third parties were found to use the cloud.
- Industries with high cloud adoption included unexpected industries such as utilities, insurance and automotive.
“We weren’t surprised to find that many suppliers had all of their cloud infrastructure in a single region, since it’s far less expensive and much easier for companies to deploy single-region architecture,” explained Giora Omer, Chief Architect at Panorays. “However, we were truly surprised that 5% of suppliers had public browsing for cloud storage buckets, considering that there’s been so much publicity about data leaks resulting from open buckets. This reflects a significant problem that must be addressed.”
The new cloud category was recently added to Panorays’ cyber assessment of third parties. It is based on non-intrusive probing and external data feeds—allowing organizations to assess their third parties easily and quickly. In particular, it checks whether:
- Specific cloud services are exposed to the public. Exposing cloud infrastructure resources that are meant to be private, such as database services, increases risk and the overall attack surface of the company.
- Cloud services reside in a single geographic region. Having cloud services in different geographies is recommended for business continuity; that way, if one region goes down, the system can fail over to another region.
- Cloud services host a website within a cloud storage bucket, such as AWS S3. Such buckets may contain default configurations that can lead to security issues.
- Cloud services have a public listing enabled for a cloud storage bucket. This may expose files containing sensitive data.
All of the above indicate red flags of possible cloud issues and misconfigurations that could result in data leaks or breaches that expose private data, leaving organizations open to regulatory penalties and loss of customer trust.
“Since more and more third parties from all industries rely heavily on cloud providers for services such as marketing, support and operations, Panorays saw the need to assess the external cloud infrastructure of their cloud providers. Our new cloud category automatically detects issues, resulting in a more accurate and robust cyber posture rating,” said Matan Or-El, Panorays Co-Founder and CEO. “It’s just one more way that Panorays is providing companies with a complete view of their third-party cyber risk.”
Read about Panorays’ cloud research here.
Panorays is a rapidly growing provider of third-party security risk management software, offered as a SaaS-based platform. Unlike other solution providers, Panorays combines automated, dynamic security questionnaires with external attack surface assessments and business context to provide organizations with a rapid, accurate view of supplier cyber risk. It is the only such platform that automates, accelerates and scales customers’ third-party security evaluation and management process, enabling easy collaboration and communication between companies and suppliers, resulting in efficient and effective risk remediation in alignment with a company’s security policies and risk appetite.
The company serves enterprise and mid-market customers primarily in North America, the UK and the EU, and has been adopted by leading banking, insurance, financial services and healthcare organizations, among others. Headquartered in New York and Israel, with offices around the world, Panorays is funded by numerous international investors, including Aleph VC, Oak HC/FT, Imperva Co-Founder Amichai Shulman and former CEO of Palo Alto Networks Lane Bess. Visit us at panorays.com.