Dozens of companies inadvertently leaking sensitive corporate and customer data because of misconfiguration of their Box enterprise storage accounts. The discoveries were made by researches at Adversis which found major companies left their data exposed without knowing. The default configuration in Box enterprise account is private but can be made public with a single link and these secret links can easily be discovered. Adversis found more than 90 companies with publicly accessible folders.
Expert Comments
Juliette Rizkallah, CMO at SailPoint:
“Today’s business users have a myriad of applications that they can work from to get their jobs done – whether that’s in structured systems like SAP or unstructured systems like cloud file sharing platforms. While this gives users the freedom to work however and from whatever device or application that makes them most productive, the increasing use of these applications and devices can potentially expose an organisation to costly consequences such as fraud, misuse of data and privacy breaches.
“While many organisations do have identity programs in place, most fall short of extending their identity governance programs to include governing access to data. This is why a high degree of control and governance is required. Enterprises can achieve this by implementing identity governance and administration solutions that govern access to data no matter where it resides, giving them greater visibility into “who has access to what.” This is imperative as organisations continue to struggle to address the movement of sensitive information in the enterprise from structured to unstructured systems.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.