Azure blob is a Microsoft object service optimized for storing large amounts of unstructured data. Data is stored inside blobs grouped into containers that, in turn, are tied to a user’s storage account.
There are three types of blobs:
Blobs provide an efficient way to host and serve data over HTTP/HTTPS. Blob objects can be accessed using Azure PowerShell, Azure CLI, Azure Storage REST API, or a client library (available in .NET, Java, Go, PHP, Node.js, Ruby, and Python).
To start uploading blobs, you first need to create a container to house them. You can think of a container as a folder on your file system, with blobs being actual files. A container can be created directly from the Azure portal using a storage account.
Any client can read data in a blob container configured for public access. Avoid this unless expressly needed; make sure you don’t select Allow public access when creating a blob container. Such incorrect configuration could allow malicious actors to anonymously access the container blobs without requiring a shared access signature. For more information, view the Microsoft Azure documentation on this topic.
Orca can detect when a blob public access setting allows anonymous read access, and alerts on this issue (see screenshot).
Orca further detects sensitive data at risk across both the workload and control plane, pinpointing the exact location and providing masked data samples for quick remediation. It also leverages context such as location and accessibility of assets containing the data.
For all storage accounts, ensure that Configuration ➤ Blob public access is set to disabled.
Ensure Public access level is set to Private for all containers.
Regularly audit for any storage accounts or containers that allow public access.
Use shared access signature tokens to provide restricted access to blob containers.
Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP － without the gaps in coverage, alert fatigue, and operational costs of agents.