Findings

Every finding ranked by dollar loss. Click filters to re-sort.

Total Annual Loss Exposure

$1,394,000

Across 5 visible findings
Sum of per-finding ALE (mode)

critical

Storage account allows public blob access

Storage account 'nwcustexports' has public blob access enabled AND contains data tagged data_class=pii.

Cloud Scan·nwcustexports (Azure Blob)·7 days ago

$780,000

$380,000 – $1,500,000

high

SQL Server firewall allows 0.0.0.0/0

nw-orders-db firewall rule permits all inbound IPs on port 1433. Public internet can attempt authentication.

Cloud Scan·nw-orders-db (Azure SQL)·9 days ago

$340,000

$180,000 – $680,000

high

Key Vault purge protection disabled

Production Key Vault lacks purge protection. Soft-deleted secrets could be permanently destroyed before recovery window expires.

Cloud Scan·nw-prod-kv·12 days ago

$210,000

$95,000 – $440,000

medium

Stale user account with active SSH key on jump host

User account has not signed in for 187 days but retains SSH key authorization on nw-jumphost-01.

Cloud Scan·nw-jumphost-01·30 days ago

$42,000

$18,000 – $86,000

medium

CloudTrail logs retained for only 30 days

Audit logging retention below SOC 2 CC7.2 minimum of 1 year.

Cloud Scan·nw-prod-subscription·22 days ago

$22,000

$8,000 – $48,000