Leaking cloud buckets - How to protect your information in the cloud





Every public cloud storage service offers buckets, a term coined by AWS for the repositories that house data objects in the cloud. (Azure calls them ‘blobs’.) Enterprise customers can configure storage buckets in any way they choose, including the region in which the bucket is maintained, the lifecycle rules for objects in the bucket, general access rights, and much more. But two main attributes of these buckets should not be ignored: (1) cloud buckets are by nature a shared service that resides outside the virtual private cloud and firewall perimeter, and (2) cloud buckets are based on object storage, which doesn’t enforce the file system ACLs that organizations have used for years to define granular file-level permissions.
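Because a bucket sits outside the VPC and has no file system ACLs, any network or organizational boundary has to be written into the bucket's access policy. The check below is an added example, not code from the original article: it assumes the AWS S3 bucket-policy JSON format, and the function names, bucket name and `vpce-EXAMPLE` endpoint ID are constructed for illustration.

```python
import json

# Condition keys that tie access back to a network or organizational boundary.
BOUNDARY_KEYS = {"aws:sourcevpce", "aws:sourcevpc", "aws:sourceip", "aws:principalorgid"}
# Exact match only: negated and ...IfExists operators pass when the key is absent.
NARROWING_OPS = {"StringEquals", "StringLike", "IpAddress"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    """True for "Principal": "*" or a typed principal such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def _has_boundary_condition(condition):
    for op, keys in (condition or {}).items():
        # Condition key names are case-insensitive; values are not inspected here.
        if op in NARROWING_OPS and any(k.lower() in BOUNDARY_KEYS for k in keys):
            return True
    return False

def public_statements(policy_json):
    """Return Sids of Allow statements open to any principal with no boundary condition."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if _has_boundary_condition(stmt.get("Condition")):
            continue
        findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample policy: one open statement, one scoped to a VPC endpoint, one weak.
_RES = {"Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*", **_RES},
    {"Sid": "VpceOnlyRead", "Effect": "Allow", "Principal": {"AWS": "*"}, **_RES,
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    {"Sid": "WeakIfExists", "Effect": "Allow", "Principal": "*", **_RES,
     "Condition": {"StringEqualsIfExists": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
]})

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
```

The check only looks for the presence of a boundary condition; it does not judge whether the value itself is narrow, so an `aws:SourceIp` range covering the whole internet would still need manual review.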

