Unencrypted Cloud Storage

High Risk Cloud Security
Tags: cloud, encryption, storage, s3, azure, gcp, data-protection, compliance

What it is

Cloud storage resources (S3 buckets, Azure Blob Storage, Google Cloud Storage) configured without encryption at rest or in transit, exposing sensitive data to unauthorized access. This vulnerability affects data confidentiality and regulatory compliance across all major cloud providers.

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

Why it happens

Root causes

Default Storage Configuration

Using cloud storage services with default settings that don't enable encryption, leaving data unprotected at rest

Missing Transit Encryption

Allowing unencrypted HTTP connections to storage services instead of enforcing HTTPS/TLS for data in transit

Inadequate Key Management

Not implementing proper encryption key management practices or using weak encryption algorithms

Legacy Infrastructure Migration

Migrating from on-premises systems without updating security configurations to include cloud-native encryption

Fixes

1. Enable Server-Side Encryption

Configure automatic server-side encryption for all cloud storage resources using cloud provider managed keys or customer-managed keys

2. Enforce HTTPS/TLS

Implement bucket policies and access controls that deny all HTTP requests and require encrypted connections

3. Implement Client-Side Encryption

Add application-level encryption for sensitive data before uploading to cloud storage for defense in depth

4. Automate Compliance Monitoring

Deploy cloud security tools and policies that automatically detect and remediate unencrypted storage resources
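
As an added illustration of fixes 1, 2 and 4 (this is not code from the original page or from Sourcery), the following offline check audits one S3 bucket for a default server-side encryption rule and for a bucket policy that denies non-TLS requests. It covers S3 only; the input dictionary shape, the finding names and the sample buckets are assumptions constructed for the example.

```python
# Added example: offline audit of one S3 bucket's settings (constructed sample data).
# Assumed input: {"policy": bucket policy doc, "encryption": ServerSideEncryptionConfiguration}.

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plain_http(policy):
    """True if a statement denies every principal when aws:SecureTransport is false."""
    for stmt in _as_list((policy or {}).get("Statement", [])):
        cond = stmt.get("Condition", {}).get("Bool", {})
        secure = str(cond.get("aws:SecureTransport", "")).lower()
        principal = stmt.get("Principal")
        everyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        actions = _as_list(stmt.get("Action", []))
        if (stmt.get("Effect") == "Deny" and secure == "false" and everyone
                and any(a in ("*", "s3:*") for a in actions)):
            return True
    return False  # an Allow conditioned on SecureTransport=true does not block HTTP

def default_sse_algorithm(encryption):
    """Return the default SSE algorithm ("AES256", "aws:kms", ...) or None."""
    for rule in (encryption or {}).get("Rules", []):
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo:
            return algo
    return None

def audit_bucket(bucket):
    """Return a list of finding names; an empty list means both checks passed."""
    findings = []
    if default_sse_algorithm(bucket.get("encryption")) is None:
        findings.append("no-default-sse")
    if not denies_plain_http(bucket.get("policy")):
        findings.append("http-allowed")
    return findings

# Constructed sample buckets (bucket name is a placeholder)
ARN = "arn:aws:s3:::example-bucket"
TLS_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*", "Resource": [ARN, ARN + "/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
SSE_KMS = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
HARDENED = {"policy": TLS_ONLY, "encryption": SSE_KMS}
WEAK = {"policy": {"Version": "2012-10-17", "Statement": []}, "encryption": None}

if __name__ == "__main__":
    for name, b in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_bucket(b) or "ok")
```

The check does not verify that the Deny statement's Resource covers both the bucket and its objects, so confirm that separately when reviewing a real policy.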

Detect This Vulnerability in Your Code

Sourcery automatically identifies unencrypted cloud storage and many other security issues in your codebase.