Online form maker, FormGet, which allows its 43,000 customers to create online forms so others can submit their resumes or apply for a job, or provide proof of address or employment, buy goods online, etc, left one of its cloud storage servers online and exposed without a password. The storage bucket, which FormGet pulled offline last night, was packed with hundreds of thousands of files and documents.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
“The problem of misconfigured cloud storage is often exacerbated by trusted third-parties. Most modern businesses have a legitimate need to share their data with diverse vendors, for example, to grow sales and increase profits via external analytics and forecasting capabilities. Vendors may often prioritize performance over data protection to survive on a highly competitive global market. Despite that most companies do have a vendor risk management policy, few are properly enforced and even less are being continuously monitored for non-compliances. Consequently, your data may suddenly land at the most unexpected place, exposing your company to severe regulatory penalties and a great wealth of other legal ramifications.”
“The problem of misconfigured cloud storage is often exacerbated by trusted third-parties. Most modern businesses have a legitimate need to share their data with diverse vendors, for example, to grow sales and increase profits via external analytics and forecasting capabilities. Vendors may often prioritize performance over data protection to survive on a highly competitive global market. Despite that most companies do have a vendor risk management policy, few are properly enforced and even less are being continuously monitored for non-compliances. Consequently, your data may suddenly land at the most unexpected place, exposing your company to severe regulatory penalties and a great wealth of other legal ramifications.”