How to Keep your Data Secure in AWS S3

In 2017, millions of users were affected by major data security breaches at companies using Amazon Web Services Simple Storage Service – the popular cloud storage and service platform better known as AWS S3.

AWS S3 User Errors

When high-profile issues happen on the Web, it’s common to look for outside culprits. However, the pattern has been different with Amazon S3.  User error is the main driver behind the most significant security events. This comes in two forms:

Misconfiguration

The company makes configuration changes that cause its S3 “bucket” to become publicly visible, exposing the bucket URL and making it easier for antagonists to gain access to its cloud resources.

Accidental Neglect

Senior executives fail to understand the relationship between Amazon infrastructure and their own security practices – e.g., believing that using Amazon Web Services externalizes responsibility for security.

Whatever the problem’s origins, Amazon S3 caused many serious data security crises in 2017. Global enterprises came up short in efforts to safely harness cloud services, suggesting a reappraisal of security practices is needed.

Examples of User Errors

Some examples include:

Verizon

Verizon saw data for up to 16 million users leaked online. IT partner NICE Systems, an Israel-based data security firm, failed to limit external access to a sensitive S3 server. As a result, criminals may have data enabling them to pose as Verizon customers when using phone support.

Viacom

In an embarrassing blunder, Viacom misconfigured an S3 bucket containing a treasure trove of its most sensitive IT data. A set of 72 compressed files on an S3 server contained what appeared to be a backup for the company’s global IT operations, including passwords and encryption keys.  

Time Warner

Time Warner Cable exposed 4 million subscriber records when a contractor failed to secure an Amazon cloud database. Seven years’ worth of data became publicly accessible, including addresses, contact phone numbers, and account information.  

The repercussions are tremendous. Through no fault of their own, customers are at risk of identity theft for years to come after a cloud platform breach. This erodes confidence in the exposed brands, potentially costing them millions in lost business.

How to Fix AWS S3 Risks and Reduce Leaks

Amazon S3 represents an opportunity to leverage world-class cloud architecture. However, enterprises must recognize that retaining Amazon as a cloud partner does not take care of their security requirements. Although Amazon proactively monitors its infrastructure and resolves systemic issues, security experts on the client side must guard against unintentional misuse of the service. There are a few things you can do:

Know Where Your Sensitive Data Is

Third-party tools can be used to enact data loss prevention (DLP) across Infrastructure-as-a-Service platforms, including AWS S3. DLP policies can be applied automatically based on identifiers, keywords, and data fingerprints. Identify the S3 buckets that contain sensitive data, and monitor any buckets that have been configured for public access.

Audit Your Security Configuration in AWS

Amazon Web Services includes a wide range of data security tools. Many third-party enterprises offer a security configuration dashboard that can consolidate and track the dozens of AWS security settings that can lead to unintentional public access. Security experts should audit the enterprise AWS posture on a regular basis to proactively remediate security holes.
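One check such an audit can run per bucket, as an added example that is not from the original article or from AWS: it takes a bucket's ACL, bucket policy, and bucket-level S3 Block Public Access settings (in the shapes the `GetBucketAcl`, `GetBucketPolicy`, and `GetPublicAccessBlock` API calls return) and reports every path that leaves the bucket publicly reachable. The function name, finding labels, and sample data are constructed for illustration, and account-level Block Public Access is assumed to be unset.

```python
import json

# Predefined S3 groups: a grant to either reaches beyond your own account.
GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def public_findings(acl, policy_json=None, pab=None):
    """List reasons a bucket is publicly reachable (empty list = none found).
    acl: GetBucketAcl-shaped dict; policy_json: bucket policy string or None;
    pab: PublicAccessBlockConfiguration dict, or None when not set."""
    pab = pab or {}
    findings = []
    # Public ACL grants are inert only when IgnorePublicAcls is enabled.
    if not pab.get("IgnorePublicAcls"):
        for grant in acl.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"acl:{uri[len(GROUPS):]}:{grant['Permission']}")
    # A public policy is contained only when RestrictPublicBuckets is enabled.
    if policy_json and not pab.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement")):
            principal = stmt.get("Principal")
            wildcard = principal == "*" or (
                isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
            if stmt.get("Effect") == "Allow" and wildcard:
                # Simplification: a Condition may or may not narrow access, so
                # such statements are reported for manual review, not as public.
                kind = "policy-review" if stmt.get("Condition") else "policy"
                findings += [f"{kind}:{a}" for a in _as_list(stmt.get("Action"))]
    return findings

# Constructed sample inputs, not taken from any real bucket.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED_DOWN = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(public_findings(SAMPLE_ACL, SAMPLE_POLICY))               # exposed
    print(public_findings(SAMPLE_ACL, SAMPLE_POLICY, LOCKED_DOWN))  # contained
```

In a real audit the three inputs would come from the corresponding API calls for each bucket, and any non-empty result on a bucket holding sensitive data is a finding to remediate.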

Encrypt your data: AWS Guide on How to Encrypt Your Data

Monitor Your AWS S3 Bucket Access: Activate Server Access Logging

AWS S3 is a powerful tool. Human error – rather than external antagonists – remains the biggest challenge in using it. By scrupulously employing a few simple best practices, you’ll significantly reduce the likelihood of data security problems.

How Sedara Can Help You

Sedara’s cybersecurity experts can teach you everything you need to know in order to stay compliant. Contact us today to get started.
