2 min Security

Leiden University study tracks misconfigurations at 215 companies

Leiden University study tracks misconfigurations at 215 companies

Misconfigurations remain the order of the day with cloud storage services. This makes the data in these repositories accessible to everyone.

A study led by Soufian El Yadmani, PhD student at Leiden University, highlights the importance of properly configuring cloud storage services. Indeed, these continue to cause problems and can lead to data breaches.

The researchers contacted 215 organizations in more than 14 countries about misconfigurations of their buckets. About 60 percent of the companies contacted resolved the issues, totaling 95 problems.

API keys and sensitive data

In many cases, sensitive information, such as API keys, personal documents, and medical records, could be accessed. The industries in which the organizations of the vulnerable buckets operated are not the least either: tech companies, financial institutions, healthcare, and police departments.

The research team detected the vulnerabilities by using automation tools. These tools were needed to sift through the vast amount of data.

Data breaches due to human error

The study once again shows where organizations’ biggest vulnerabilities often lie—with staff. “They occur because of human errors: misconfigurations, mistakes, and lack of system management efforts. This is especially evident with the growing reliance on cloud environments for storing and hosting data,” the researchers tell Computable.

Also read: Nearly all companies have misconfigurations in cloud environments