In my previous post, I took a deep dive into AWS S3 permissions to outline the myriad ways someone could expose their AWS S3 buckets and objects to everyone on the Internet.

As I discussed there, the complexity of the S3 permission system is very powerful and provides users with a lot of flexibility; however, it also makes it very easy to accidentally expose your sensitive files and suffer yet another S3 storage breach.

Microsoft Azure offers a similar storage service to S3 called Azure Storage, and it offers similar capabilities to expose the objects you have stored there to anonymous read access over the Internet.

The public access level system that Azure provides, however, is far less complex than AWS S3’s. While some may feel more constrained by a less flexible system, in my opinion, it’s a far better one if security is a concern.

We all know that complexity is often the antithesis of security, and I believe that the simplicity of Azure’s public access policies greatly reduces the risk of suffering an Azure Storage breach similar to the AWS S3 storage breaches we so often see in the news.

In fact, you’ll be hard-pressed to find any news articles about an Azure Storage breach that has been as widely publicized as the S3 breaches have been. While that may partly be because AWS is more widely used than Azure today, I think the difference in complexity between the two public access control models is certainly a contributing factor.

Regardless, it’s just as possible to incorrectly configure your Azure Storage containers to expose sensitive information to everyone on the Internet, so steps must be taken to ensure you don’t suffer a storage breach.

Let’s dive a bit into how Azure permits users ...