Data Exposure
The tag "data-exposure" is attached to any data store that holds sensitive data and is exposed to internet access.
Data exposure of this kind is the primary source of data breaches, so it is essential to review each of the items discovered here and ensure remedial action is completed.
Examples include:
- S3 buckets with sensitive data (discovered during data scan) and accessible through a publicly accessible EC2 instance
- EC2 DB instances with sensitive data that are accessible through a publicly accessible EC2 instance
- RDS instances with sensitive data accessible by a user who has MFA disabled
Entities listed with this tag should be reviewed on a periodic basis to ensure that none of the data stores are exposed unintentionally. If the data store is exposed intentionally, then sensitive data should not be stored in it.
For IAM users accessing data stores without MFA enabled, those users should be notified to enable it.
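One way to build the list of users to notify, shown as an added example that is not part of the product or this page: it reads an AWS IAM credential report (CSV) and returns every IAM user that holds an active credential while `mfa_active` is false. The sample rows, account ID and user names are constructed, and only the report columns the check needs are included.

```python
import csv
import io

# Constructed sample using column names from the IAM credential report
# (output of `aws iam get-credential-report`, after base64 decoding).
# Only the columns this check reads are kept.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true,false
etl-job,arn:aws:iam::111122223333:user/etl-job,false,false,true,false
carol,arn:aws:iam::111122223333:user/carol,false,false,false,false
"""


def is_true(value):
    """Credential report booleans are the strings 'true' / 'false'."""
    return value.strip().lower() == "true"


def users_to_notify(report_csv):
    """Return IAM users that hold an active credential but have no MFA device."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root is not an IAM user; review it separately
        if is_true(row["mfa_active"]):
            continue  # MFA already enabled
        creds = []
        if is_true(row["password_enabled"]):
            creds.append("console-password")
        for col in ("access_key_1_active", "access_key_2_active"):
            if is_true(row.get(col, "false")):
                creds.append(col.replace("_active", ""))
        if creds:  # no active credential means nothing to notify about
            findings.append(
                {"user": row["user"], "arn": row["arn"], "credentials": creds}
            )
    return findings


if __name__ == "__main__":
    for f in users_to_notify(SAMPLE_REPORT):
        print(f"{f['user']}: enable MFA (active: {', '.join(f['credentials'])})")
```

Cross-reference the returned users against the entities carrying the data-exposure tag to decide who to contact first.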
From the Data Exposure list, select View All to display the entire list of entities that are determined to be publicly accessible with sensitive data.
You will be redirected to the All Open Risks section with the preset filter tags: data-exposure.
More details can be found in the Risks section.