Google Cloud storage may not be as secure as we’d all hope it is

Logs are every investigator’s best friend

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

GoogleCloud may have some concerning security flaws that could allow threat actors to exfiltrate data from thecloud storageplatform without being spotted.

The findings come courtesy of cybersecurity researchersMitiga, which found Google Cloud Platform (GCP)’s logs, which are usually used to identify attacks and understand what threat actors have been able to achieve, are subpar, leaving much to be desired.

At their current state, they don’t provide the level of visibility to allow for “any effective forensic investigation”, the researchers said, concluding that the organizations using GCP are “blind” to potential data exfiltration attacks.

Blind to attacks

However Google has not classified the findings as a vulnerability, so no patch has been released - although it has published a list of mitigations users can deploy if they fear their current configuration brings risks.

Consequently, businesses can’t effectively respond to incidents, and have no way to precisely determine what data was stolen in an attack.

Usually, an attacker will gain control over an Identity and Access Management (IAM) entity, grant it the required permissions, and use it to copy sensitive data. As GCP doesn’t provide the necessary transparency regarding permissions granted, businesses will have a really hard time monitoring data access and potential data theft, the researchers concluded.

Oracle Cloud admits users could access other customer data>Google Cloud apparently has a security issue even firewalls can’t stop>These are the best endpoint protection services around

While Google does offer its customers the ability to turn on storage access logs, the feature is turned off by default. By turning it on, organizations could be better at detecting and responding to attacks, but the feature might cost extra to be used. Even if it’s turned on, the system is “insufficient” and creates “forensic visibility gaps”, the researchers added, saying that the system chooses to group “a wide range of potential file access and read activities under a single type of event — ‘Object Get.’”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This is a problem because the same event is used for reading a file, downloading it, or even just reading the file’s metadata.

Responding to Mitiga’s findings, Google said it appreciates Mitiga’s feedback but doesn’t consider it a vulnerability. Instead, the company provided mitigation recommendations, which include the use of VPC Service Controls, organization restriction headers, as well as restricted access to storage resources.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Logitech Brio 105 for Business review

Sihoo Doro S100 ergonomic office chair review

Owl Labs Meeting Owl 4+ review