This post was originally published here by Gregg Rodriguez.
Last year was the year of “leaky buckets,” as in S3 buckets, making some of our worst cloud security fears a reality. S3, or Simple Storage Service, is a public cloud storage service within Amazon Web Services (AWS). Just a few months into 2019, we are already seeing data breaches, some of the recent ones caused by organizations unknowingly running leaky S3 buckets.
As many as 7% of all S3 buckets are completely publicly accessible without any authentication, while 35% are still unencrypted, according to recent statistics.
S3 buckets have quickly become a favorite of IT teams, as they provide a simple web service interface enabling them to store and retrieve any amount of data, at any time, from anywhere on the web. While many enterprises are rushing to ensure their data stored in public clouds is secure, they still have a long way to go when it comes to securing it based on recommended best practices from AWS.
By default, Amazon S3 buckets are private and can only be accessed by users to whom you have explicitly granted access. They are, however, generally configured to allow public download of files, because you often need to make data accessible to business partners or other entities outside your company.
Unfortunately, if you combine the massive amount of personal or confidential data often stored in the cloud with how often cloud storage technologies, such as S3 buckets, are misconfigured, the results can be disastrous, as proven in recent data breaches.
Contrary to popular belief, attacks on S3 buckets have mostly been due to misconfigurations, not sophisticated hacking techniques. In many cases, an S3 data breach is as simple as scanning for and discovering exposed buckets, then connecting and downloading the data.
As S3 adoption accelerates, even small organizations can quickly amass thousands of S3 buckets, and in many cases some of those buckets, created for internal use only, are unknowingly exposed to the entire internet, leaving you wide open to a data breach so costly it could ruin your company.
Cloud Requires New Approach to Security
Cloud computing is driven by a new infrastructure model, so it also requires a new approach to security. In the AWS environment, Amazon provides a secure foundation across physical, infrastructure, and operational security, while you maintain responsibility for protecting the security of your application workloads, data, identities, on-premises resources, and all the cloud components that you control. This is referred to as the “Shared Responsibility Model.”
To ensure the security of your cloud computing resources, it’s important you fulfill your end of the shared responsibility model by using and configuring services, such as S3, correctly.
The good news: You can avert these types of attacks by applying best practices for securing your cloud service and by using a security solution that offers the most comprehensive security visibility coverage for AWS, by giving you the ability to:
- Continuously inventory S3 buckets in use across multiple AWS accounts.
- Automatically identify buckets exposed to the internet.
- Tune out buckets that have specific exceptions due to business partnerships.
- Provide instructions for S3 bucket owners to remediate unnecessarily exposed buckets.
- Confirm when bucket exposures are remediated.
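The classification step behind that list, as an added example that is neither the original post's code nor any vendor's product: it assumes the record shapes that boto3's get_bucket_acl, get_bucket_policy_status and get_public_access_block return, and the multi-account loop that collects those records is assumed rather than shown.

```python
# Added example (not the vendor's product or AWS code): classify each S3
# bucket in an inventory as private, exposed or excepted, from the response
# shapes boto3 returns for get_bucket_acl, get_bucket_policy_status and
# get_public_access_block. All records below are constructed samples.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def acl_is_public(acl):
    """True if any ACL grant targets the AllUsers or AuthenticatedUsers group."""
    return any(g.get("Grantee", {}).get("Type") == "Group"
               and g["Grantee"].get("URI") in PUBLIC_GROUPS
               for g in acl.get("Grants", []))

def exposure_paths(acl, policy_status, pab):
    """Ways the bucket is reachable anonymously: a subset of {'acl', 'policy'}.
    pab is None with no Block Public Access config; policy_status is {} with no policy."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    paths = set()
    if acl_is_public(acl) and not cfg.get("IgnorePublicAcls"):
        paths.add("acl")      # public grants are honoured unless IgnorePublicAcls
    if (policy_status.get("PolicyStatus", {}).get("IsPublic")
            and not cfg.get("RestrictPublicBuckets")):
        paths.add("policy")   # public policy is honoured unless RestrictPublicBuckets
    return paths

def classify_bucket(record, exceptions=frozenset()):
    """'private', 'exposed', or 'excepted' (exposed but on the approved partner list)."""
    paths = exposure_paths(record["Acl"], record.get("PolicyStatus", {}),
                           record.get("PublicAccessBlock"))
    if not paths:
        return "private"
    return "excepted" if record["Name"] in exceptions else "exposed"

def inventory_report(records, exceptions=frozenset()):
    """Bucket name -> classification; re-run after a fix to confirm remediation."""
    return {r["Name"]: classify_bucket(r, exceptions) for r in records}

ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
FULL_BLOCK = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
SAMPLE_BUCKETS = [  # constructed, as a multi-account scan might return them
    {"Name": "internal-backups", "PolicyStatus": {}, "PublicAccessBlock": None,
     "Acl": {"Grants": [{"Grantee": ALL_USERS, "Permission": "READ"}]}},
    {"Name": "partner-share", "Acl": {"Grants": []}, "PublicAccessBlock": None,
     "PolicyStatus": {"PolicyStatus": {"IsPublic": True}}},
    {"Name": "fixed-backups", "PolicyStatus": {}, "PublicAccessBlock": FULL_BLOCK,
     "Acl": {"Grants": [{"Grantee": ALL_USERS, "Permission": "READ"}]}},
]
```

Running `inventory_report(SAMPLE_BUCKETS, exceptions={"partner-share"})` flags only `internal-backups` as exposed; `fixed-backups` keeps its public ACL but is private because Block Public Access ignores that ACL.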