A Guide to AWS S3 Buckets Security
by Gerben Kleijn, on Jul 10, 2018 12:50:40 PM
Avoid Common Mistakes When Deploying Cloud-based Services
The Threat of Poor AWS S3 Buckets Security
If your organization uses Amazon Web Services (AWS), it is extremely important to understand AWS S3 buckets security. Configuring your S3 buckets the right way can mean the difference between business as usual and nearly catastrophic data leaks. As you may have noticed over the past few years, AWS S3 data leaks are not uncommon, and it’s fairly probable that your organization is not immune to them. They have affected high-profile organizations like Verizon, Accenture, and several others in recent memory.
Further complicating matters, it’s almost impossible to discover whether or not your data was actually ever accessed. Should you believe you’ve been the target of a malicious entity, the detective work to determine the truth can be beyond frustrating.
It Doesn’t Have To Be This Way.
In this guide, I will review several security control options that AWS users can use to protect their data. Areas covered include:
- Provisioning and Access Controls
- Everyone and Authenticated Users
- Versioning and Multifactor Authentication Delete
- Logging and Monitoring
Become More Secure Today.
This guide serves as a thorough introduction to how you can avoid a disastrous AWS S3 bucket data leak. If you have any thoughts or suggestions on how we can improve our content, please don’t hesitate to email us or talk to us on Twitter.
Gerben Kleijn is a Senior Security Analyst at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, Gerben focuses on compliance gap assessments, cloud deployment reviews, and firewall and VPN reviews. He also has significant experience with security monitoring and alerting. Gerben has worked on both the offensive and defensive sides of security. Notable projects include securing information from the Dark Web and conducting gap assessments against the Critical Security Controls (CSC) Top 20 in addition to ISO 27001 and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.