Protecting Against Open S3 Buckets

Almost every week there is another incident of an Amazon S3 storage bucket being left open for anyone to access. These openings allowed data ranging from personal details of wireless customers to 200 million voter records to be exposed for anyone to see, or take. These exposures are not the fault of Amazon. They usually result from user error. The situation is so bad, Amazon is actually emailing users to let them know certain data sets are exposed. Beyond making sure best practices are followed, what can organizations do?

An S3 bucket is a logical unit of storage on the Amazon Web Services (AWS) object storage system, Simple Storage Service (S3). Buckets are used to store objects, which consist of data and metadata describing that data. Typically, these buckets are secured when they are created so that only authenticated users can access them.

But sometimes, especially in the initial development of an application, these buckets are left unsecured to make it easier for multiple users to test them. The problem is that when the application moves into production, no one remembers to secure the bucket, leaving it open for anyone to gain access.
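A pre-production check can catch the forgotten test-time setting described above. The following is an added example, not part of the original post: it assumes the bucket ACL is available in the shape of a GetBucketAcl response and the bucket policy as JSON text, the function names are hypothetical, and the sample bucket data is constructed.

```python
import json
# Predefined S3 groups; a grant to either reaches beyond the owning account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def acl_findings(acl):
    """Flag ACL grants made to the public groups (GetBucketAcl response shape)."""
    out = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            out.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUPS[uri]}")
    return out

def policy_findings(policy_json):
    """Flag Allow statements with a wildcard principal; Conditions are noted, not evaluated."""
    out = []
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    for stmt in _as_list(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            note = " (has Condition, review manually)" if stmt.get("Condition") else ""
            out.append(f"Policy allows {actions} to any principal{note}")
    return out

def audit(acl, policy_json=None):
    return acl_findings(acl) + policy_findings(policy_json)

# Constructed sample input: a bucket opened up for testing and never locked down.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ACL, SAMPLE_POLICY)))
```

An empty result from `audit` means neither the ACL nor the policy grants access to a public group or wildcard principal.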

Protecting the organization from the impact of an open S3 bucket is another benefit of a cloud data preservation platform. If the data preservation software is used in conjunction with the S3 bucket, it will apply its own data encryption to the data stored in that bucket. This means even if the S3 bucket is exposed or left open, the data is unreadable by the accessor.

In addition, the data preservation software will track who is accessing the data, alert on that access, and even protect the data from bulk erases. As these alerts come in, IT can take immediate action to lock down the bucket so that only authenticated individuals can access the data. While nothing replaces the best practices of securing an S3 bucket, having an extra layer of protection against potential data loss is always a good idea.

Moving data to the cloud is something many organizations are considering, but security concerns continually plague the process. Data preservation solutions not only provide that extra layer of protection, they also provide a full audit log of who is accessing cloud-based data.

To learn more about safely and responsibly preserving data in the cloud, watch our live webinar, “The Showdown for Data Preservation: Iron Mountain vs. The Cloud”.


George Crump is the Chief Marketing Officer at VergeIO, the leader in Ultraconverged Infrastructure. Prior to VergeIO he was Chief Product Strategist at StorONE. Before assuming roles with innovative technology vendors, George spent almost 14 years as the founder and lead analyst at Storage Switzerland. In his spare time, he continues to write blogs on Storage Switzerland to educate IT professionals on all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 30 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS, SAN, Virtualization, Cloud, and Enterprise Flash. Before founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration, and product selection.
