Data at risk

Azure Storage Account without private endpoint and firewall configured

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks
  • CCPA
  • cis_8
  • HITRUST
  • ISO/IEC 27001
  • Microsoft Cloud Security Benchmark
  • Mitre ATT&CK v12
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • UK Cyber Essentials

Description

When a storage account is created, there are three connectivity methods: Public for all networks, Public for specified networks, or Private endpoint. A storage account should be configured as Public for all networks only if necessary. Where possible, it is recommended to limit access to the storage account by adjusting firewall rules and by creating a private endpoint so that clients connect to the storage account over Private Link. It was found that the {AzureStorageAccount} storage account uses neither a private endpoint nor firewall rules.

Recommended Mitigation

It is recommended to limit access to storage accounts by attaching a private endpoint and restricting access to the public endpoint with firewall rules. See https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
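The check behind this finding, written out as an added example (not the page's or any vendor's own scanner code): it inspects the `publicNetworkAccess`, `networkAcls` and `privateEndpointConnections` properties of a storage account as returned by `az storage account show`, and the three sample accounts are constructed to cover the open, firewall-only and fully hardened cases.

```python
"""Evaluate an Azure Storage Account against this control. Added example,
not part of the page or any vendor's scanner; it reads the property shape
of `az storage account show` output, and the sample accounts are constructed."""


def has_private_endpoint(account: dict) -> bool:
    """True when at least one approved private endpoint connection exists."""
    for conn in account.get("privateEndpointConnections") or []:
        state = conn.get("privateLinkServiceConnectionState") or {}
        if state.get("status") == "Approved":
            return True
    return False


def public_endpoint_restricted(account: dict) -> bool:
    """True when public access is disabled or the firewall denies by default."""
    if account.get("publicNetworkAccess") == "Disabled":
        return True
    return (account.get("networkAcls") or {}).get("defaultAction") == "Deny"


def missing_controls(account: dict) -> list:
    """Names of the recommended controls that are absent on this account."""
    missing = []
    if not has_private_endpoint(account):
        missing.append("private endpoint")
    if not public_endpoint_restricted(account):
        missing.append("firewall rules")
    return missing


def is_finding(account: dict) -> bool:
    """The finding as described: neither a private endpoint nor firewall rules."""
    return len(missing_controls(account)) == 2


# Constructed samples carrying only the fields this check reads.
OPEN_ACCOUNT = {"name": "stopen", "publicNetworkAccess": "Enabled",
                "networkAcls": {"defaultAction": "Allow"},
                "privateEndpointConnections": []}
FIREWALL_ONLY = {"name": "stfw", "publicNetworkAccess": "Enabled",
                 "networkAcls": {"defaultAction": "Deny",
                                 "ipRules": [{"value": "203.0.113.10"}]},
                 "privateEndpointConnections": []}
HARDENED = {"name": "stpriv", "publicNetworkAccess": "Disabled",
            "networkAcls": {"defaultAction": "Deny"},
            "privateEndpointConnections": [
                {"privateLinkServiceConnectionState": {"status": "Approved"}}]}
```

`missing_controls` reports which of the two recommended controls is still absent, so a firewall-only account does not raise the finding but still shows the private endpoint as outstanding.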