Secure Your Buckets

When it comes to public cloud storage, traditional storage concepts such as hard disks and RAID arrays have been replaced by new, much more flexible options. Data stored within a cloud platform has become virtually independent from its underlying hardware implementation, and it benefits from nearly limitless redundancy options, many even as a default configuration.

Storage terminology has also changed. A much-used Amazon storage concept is the so-called bucket. It is easiest to think of an Amazon bucket as an incredibly flexible, highly accessible and distributed folder. These buckets can be hosted in a region of choice if needed, and options such as logging and performance can be adjusted to match the requirements and budget of the customer.

This flexibility does not come without risks, however. Many cloud users knowingly or unknowingly allow public access to the buckets and their contents. In some cases this is a misconfiguration; in other cases, it is simply a lack of understanding of the relatively new technology. Whatever the underlying reasons are, unsecured buckets have already led to many data breaches and will likely continue to do so in the future. An Amazon S3 bucket access misconfiguration by web company LocalBlox, for instance, caused a major incident in February 2018. This company stored a 1.2 TB file containing 48 million records of users' internet behavior linked to their IP addresses inside a publicly accessible S3 bucket. As soon as the company was notified of the issue, it closed the access down. It is hard to know with certainty, however, whether anyone else downloaded a copy of the sensitive (and to the company also valuable) user data before the access lockdown, and where that copy could have ended up. Once data has been publicly accessible for any length of time, it becomes nearly (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Frank Siemons. Read the original post at: