Amazon has revealed a new security tool for customers using its S3 cloud storage service, to help ensure that data put in the cloud stays in the cloud and isn’t leaked elsewhere by accident.
The utility, called Access Analyzer, works with S3 (Amazon’s Simple Storage Service) and monitors access policies to ensure they are working as intended.
By default, buckets (the name for a block of S3 storage) are created private, but AWS gives users various mechanisms, such as Access Control Lists, to configure different levels of access if necessary.
The problem is that if these are incorrectly configured, the data can end up publicly accessible, which could very easily be a disaster.
Access Analyzer monitors for these sorts of misconfigurations and flags them, so that any unintended access can be quickly dealt with and closed off.
In fact, in such a case, public access can be blocked with a single click, with the tool detailing the problem and exact policy issue so you can then head over and take the time to fully address the security hole.
Human error
Sean Roberts, GM of the cloud business unit at Ensono, a hybrid managed services provider, commented:
Amazon S3 is one of the most popular cloud storage solutions, but because of human error it’s historically been a bit of a security liability. …Over the last few years, hundreds of well-known organizations have suffered data breaches as a direct result of an incorrect S3 configuration – where buckets have been set to public when they should have been private.
Roberts added:
When sensitive data is unintentionally exposed online, it can damage an organization’s reputation and lead to serious financial implications. In real terms, this sensitive data is often usernames and passwords, compromising not only the business but its customers too. …Access Analyzer will be a much welcome addition to S3, and will help businesses all over the world audit their storage for misconfigurations and leaky buckets.
Sources + further reading: TechRadar, How Access Analyzer works