Wednesday, 13 June 2018

Here’s how you can secure your AWS Storage Buckets


Amazon Web Services has been a great venture for businesses that have data to store. AWS Simple Storage Service (S3) buckets are inexpensive, scale easily, and can be spun up and down quickly. The service is backed up and secured by Amazon, which makes it easy to manage.

The ease of management and deployment can be favorable in some situations and unfavorable in others. If buckets that hold credentials are set to public access, there is a high chance that the leaked data becomes accessible to anyone in the world.

Accenture accidentally enabled public access to a database containing 40000 passwords and other client credentials stored in Amazon S3 buckets. Other companies, such as Dow Jones, INSCOM, and Verizon, also left their buckets open to the public. Uber had stored the personal information of 57 million users on Amazon S3; hackers got in, and Uber had to pay them to delete the data and keep silent about the breach.

RedLock, a cloud security company, found 250 organizations leaking credentials to their AWS cloud environments. According to RedLock's report, 53 percent of the organizations using cloud storage services had accidentally exposed at least one service to the public.

Amazon S3: an Easy, Secure and Ubiquitous Storage Service

Greg Arnette, Director of Data Protection Platform Strategy at Barracuda Networks, said that Amazon Simple Storage Service is reliable and inexpensive cloud storage. Organizations using the S3 storage service for data storage haven’t witnessed any examples of data loss or corruption, and S3 is now jokingly referred to as the 9th wonder of the world because of the popularity it has achieved all around the globe.

Companies can keep their buckets private so that only approved users and the owners can view the data. Buckets can also be set to public so that anyone can access the data. For example, if a company keeps its product pictures in an AWS bucket, they can easily be embedded in any website. There are instances where users set buckets that contain private information to public access, thinking that nobody will know the exact address of the bucket and so nobody will be able to access it.

That is a great misunderstanding that needs to be clarified!

Hackers frequently scan for AWS Simple Storage Service buckets, looking for data that can be exploited. Customers don’t realize that keeping the data secure is a responsibility they share with their cloud provider. Amazon says that it is responsible for the security of the cloud and that customers are responsible for security in the cloud. Enterprises should understand the overall functioning of S3 storage by performing quality assurance on policies and configurations, maintaining access control lists, and auditing which user is authorized to access what.

Managing a whole AWS account is not an easy task because there are a lot of things to take care of. There are many AWS managed service providers that will offer insights into how best to use AWS services. It is always better to let an AWS partner guide you through the AWS cloud journey so that you don't run into pitfalls.

Companies can use AWS Identity and Access Management (IAM) to solve this problem, with a top-down policy that locks down all buckets by default and makes exceptions only when a bucket needs to be public. A company that has multiple AWS accounts can use AWS Organizations to get a central management console. AWS GuardDuty can be used to analyze S3 bucket permissions and send a notification whenever a bucket is set to go public. AWS CloudTrail can be used for governance, risk auditing, compliance and operational auditing.

Following the recent incidents involving S3 buckets, Amazon has taken steps to make security easier. S3 buckets are now private by default, and buckets that are public are marked with a bright orange icon. If someone changes a bucket from private to public, a warning message is displayed: “We highly recommend that you never grant any kind of public access to the S3 bucket”. Amazon also announced that all the buckets are encrypted by default.

PS: If you want a guide as to how to create an AWS S3 bucket then you can click here.
