
1/6/2020
08:30 AM
Kurtis Minder

What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets?

Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Storage Service (S3) buckets secured.

Question: Are there any tools that can help me find misconfigurations in my AWS S3 cloud buckets?

Kurtis Minder, CEO of GroupSense: Yes. There are a number of tools that are available to look for misconfigured or open S3 buckets. Most of these tools are available for free on GitHub. S3-inspector, S3Scanner, and Bucket Finder are a few that will uncover buckets and misconfigurations.

Keep in mind, threat actors can use these tools also. Better to use on yourself before they do. In fact, cybercriminals don't even bother hacking into systems deployed on AWS – there are so many misconfigured S3 buckets out there that they just use these tools to find the screw-ups and steal the data. I saw a stat from Skyhigh Networks that 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted.

This is like shooting fish in a barrel for data thieves, so it is really critical for companies to use these tools to shore up their configurations before they start putting sensitive data into AWS or any other public cloud.


Kurtis Minder is a driven entrepreneur developing new technologies to make the world a better place. He is currently the CEO of GroupSense, an enterprise digital risk management company. Minder is also a frequent contributor to the startup community and serves as an ...

Comments
tdsan, User Rank: Ninja
2/13/2020 | 2:18:52 PM
First ensure your bucket is secure from AWS Standpoint


First, secure the public access to the AWS environment as illustrated above

Second, run IAM S3 Service policies to ensure only certain service accounts can access the data

Third, encrypt the data using internal tools and validate encryption policies (AWS provides steps to reduce the level of risk - AWS S3 Security Steps)

Todd
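
The three checks listed in the comment above (public access, policies limited to specific principals, encryption) can be run mechanically against a bucket's configuration. The following is an added example, not code from the article, the commenter or any of the tools named; it audits constructed snapshots shaped like the responses of the S3 GetPublicAccessBlock, GetBucketPolicy and GetBucketEncryption calls, and the bucket names, role ARN and snapshot keys (`public_access_block`, `policy`, `encryption`) are assumptions.

```python
import json

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def is_wildcard(p):
    # "*" or a mapping such as {"AWS": "*"} means "any principal"
    return p == "*" or (isinstance(p, dict) and "*" in p.values())

def audit_bucket(cfg):
    """Return findings for one bucket's configuration snapshot."""
    findings = []
    # Step 1: all four Block Public Access flags should be enabled.
    pab = (cfg.get("public_access_block") or {}).get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if not pab.get(f)]
    if off:
        findings.append("public access block off: " + ", ".join(off))
    # Step 2: Allow statements should name specific principals, not everyone.
    stmts = json.loads((cfg.get("policy") or {}).get("Policy", "{}")).get("Statement", [])
    for s in [stmts] if isinstance(stmts, dict) else stmts:
        if (s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))
                and not s.get("Condition")):
            findings.append("policy allows any principal: %s" % s.get("Action"))
    # Step 3: a default server-side encryption rule should be present.
    enc = (cfg.get("encryption") or {}).get("ServerSideEncryptionConfiguration", {})
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in enc.get("Rules", [])):
        findings.append("no default encryption rule")
    return findings

# Constructed snapshots of two hypothetical buckets (not real resources).
SAMPLE = {
    "example-open-bucket": {
        "public_access_block": None,
        "policy": {"Policy": json.dumps({"Statement": [{
            "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-open-bucket/*"}]})},
        "encryption": None},
    "example-locked-bucket": {
        "public_access_block": {
            "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
        "policy": {"Policy": json.dumps({"Statement": [{
            "Effect": "Allow", "Action": "s3:GetObject",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
            "Resource": "arn:aws:s3:::example-locked-bucket/*"}]})},
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [{
            "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
}

if __name__ == "__main__":
    print({name: audit_bucket(cfg) or "OK" for name, cfg in SAMPLE.items()})
```

To audit your own account, build each snapshot from the corresponding boto3 S3 client calls (`get_public_access_block`, `get_bucket_policy`, `get_bucket_encryption`), storing `None` where the call reports that no configuration exists.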