Blog   |   Security   |   October 11, 2017

Introducing BlobCheckr, A Free Tool to Check for Public Permissions on Microsoft Azure Blob Containers

The recent security breach at accounting firm Deloitte demonstrated that securing storage from the public is not limited to one particular cloud platform. The breach also demonstrated that even the largest firms with dedicated cybersecurity teams are vulnerable to human error. After all, if it can happen to them, it can happen to you.
However, if you use CloudCheckr, you can stay out of the headlines, at least for negative reasons. Our Best Practice Checks help lock down your storage, databases, networks, and computing instances. While CloudCheckr is reasonably priced, especially considering the potential cost of a security breach, it’s clear that we need to do our part to ensure that all clouds are protected immediately.
This is why CloudCheckr has introduced BlobCheckr, a free tool that lets users check, instantly, whether they are obeying best practices for their Blob Containers. By default, such containers are secured but it is possible to open them up to the public where someone could unwittingly put confidential information. This is a great example of the Shared Responsibility Model, where all cloud platforms provide strong security in the way that a home builder might build a strong door. However, if you leave the door unlocked or even wide open when leaving, you are not doing your part.

Blob Public

Many enterprises rely on “Security through Obscurity” or simply hoping that the bad guys won’t guess the full address of their storage container. But that isn’t sufficient. A hacker could use brute force techniques to “guess” every combination and find all available storage containers. Alternatively, if somebody creates a link to your storage, and Google or other search engines discover that link, it is now available to the world.
In addition to BlobCheckr, CloudCheckr offers to determine the accessibility of Amazon Web Services S3 Buckets. The services are free and users do not need to be customers of CloudCheckr.

Todd Bernhard headshot
About the Author

Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.