82% of companies give third parties access to all cloud data
The Wiz Research team conducted extensive research of permissions provided to 3rd party vendors in cloud environments and the results should be a wake-up call:
"In the majority of cases these permissions are there for no reason: the vendor doesn’t actually need them, and the customer team isn’t even aware that they gave them to the vendor. The most common example is the AWS ReadOnlyAccess policy, which is extremely popular amongst 3rd party vendors (a default for 25% of vendors included in our research). Vendors and customers believe it’s a harmless policy, but instead it provides wide read access to many of your databases, DynamoDB, S3 buckets, SQS queues, and more. Wondering why any vendor would need permissions this broad? Well, they don’t," says Shir Tamari, Head of Research.