Protecting Against Open S3 Buckets

Almost every week there is another incident of an Amazon S3 storage bucket being left open for anyone to access. These openings allowed data ranging from personal details of wireless customers to 200 million voter records to be exposed for anyone to see, or take. These exposures are not the fault of Amazon. They usually result from user error. The situation is so bad, Amazon is actually emailing users to let them know certain data sets are exposed. Beyond making sure best practices are followed, what can organizations do?

An S3 bucket is a logical unit of storage on the Amazon Web Services (AWS) object storage system, Simple Storage Service (S3). Buckets are used to store objects, which consist of data and metadata describing that data. Typically, these buckets are secured when they are created so that only authenticated users can access them.

But sometimes, especially in the initial development of an application, these buckets are left unsecured to make it easier for multiple users to test them. The problem is that when the application moves into production, no one remembers to secure the bucket, leaving it open for anyone to gain access.
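One way to catch a bucket like this before it reaches production, shown as an added example that is not part of the original post: a check that flags public grants in a bucket ACL and unconditional wildcard statements in a bucket policy. It works on the JSON shapes returned by the S3 GetBucketAcl and GetBucketPolicy APIs; the bucket name, owner ID and sample data are constructed.

```python
import json

# Predefined S3 grantee groups that make a bucket readable beyond its owner.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}

def public_acl_grants(acl):
    """Return findings for ACL grants made to a public group (GetBucketAcl shape)."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.append(f"ACL grants {grant.get('Permission')} to {who}")
    return findings

def is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal or [])

def public_policy_statements(policy_json):
    """Return findings for unconditional Allow statements open to any principal."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    # Simplification: a statement with any Condition is skipped, not evaluated.
    return [f"policy allows {s.get('Action')} to any principal"
            for s in statements
            if s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))
            and not s.get("Condition")]

def audit(bucket, acl, policy_json=None):
    """Combine ACL and policy findings into one result per bucket."""
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(policy_json)
    return {"bucket": bucket, "open": bool(findings), "findings": findings}

# Constructed sample data: a test bucket opened up during development.
DEV_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
DEV_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-dev-bucket/*"}]})

if __name__ == "__main__":
    print(json.dumps(audit("example-dev-bucket", DEV_ACL, DEV_POLICY), indent=2))
```

Run as a gate in the release pipeline, a result with "open" set to true is the signal to lock the bucket down before the application ships.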

Protecting the organization from the impact of an open S3 bucket is another benefit of a cloud data preservation platform. If the data preservation software is used in conjunction with the S3 bucket, it will apply its own data encryption to the data stored in that bucket. This means even if the S3 bucket is exposed or left open, the data is unreadable by the accessor.

In addition, the data preservation software will track who is accessing the data, alert on that access, and even protect the data from bulk erases. As these alerts come in, IT can take immediate action to lock down the bucket so that only authenticated individuals can access the data. While nothing replaces the best practices of securing an S3 bucket, having an extra layer of protection against potential data loss is always a good idea.

Moving data to the cloud is something many organizations are considering. But security concerns continually plague the process. Data preservation solutions not only provide that extra layer of protection, they provide a full audit log on who is accessing cloud-based data.

To learn more about safely and responsibly preserving data in the cloud, watch our live webinar, “The Showdown for Data Preservation: Iron Mountain vs. The Cloud”.

Eight years ago, George Crump founded Storage Switzerland with one simple goal: to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection.
