Security News > 2021 > September > Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal information and use it to their advantage.

Whilst organizations have rushed to adopt cloud platforms, expertise in these platforms has lagged, often resulting in misconfiguration, and leading to many of the cases of data exposure that have been seen.

The incident underscores the importance of secure by default configuration, and that even in low code environments such as Microsoft Power Apps security must still be a consideration for those organizations leveraging the platform.

To some extent this puts the onus on the user of the cloud service to fully understand the consequences of the configuration settings they chose - back to the shared responsibility model.

That said, Microsoft Power Apps has now been updated so that it does not allow anonymous access to data tables by default, and while users of the platform can still choose to change that setting, they are effectively prevented from overlooking a setting that could have far reaching consequences.

Attackers are constantly on the lookout for the low hanging fruit - after all why try to compromise the on-premises systems to gain authenticated access, when the valuable data is available anonymously from a cloud platform.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/bm7PuY1obKo/