If the new IT employee suggests installing a publicly accessible web server on your central file server, consider parting ways with him. If he then drops that idea and instead proposes moving the reports from your highly sensitive data warehouse onto your web server, he should definitely be fired.
Data Breaches That Come From S3 Buckets
But in today's cloud world, not everything is so clear. Services like Amazon S3 take on multiple, often overlapping roles in an application stack, and there your sensitive files are often just one click, or one misconfigured permission, away from being published online. Cloud storage today does more than keep a file in one place: a bucket frequently serves as both the input and the output of longer processing chains, so a data warehouse export, a web asset and a backup can end up side by side in the same place. The result is the current flood of serious data breaches that originate from S3 buckets.
Enable S3 Logging
By default, S3 keeps no access logs for the objects in a bucket. Server access logging can be enabled per bucket; the log files are then delivered as objects into a second (target) bucket that you designate. Delivery is best-effort and typically lags by a few hours, so treat these logs as a forensic record rather than a real-time alarm; if you need object-level calls recorded alongside your other API activity, CloudTrail data events for S3 are the alternative. If you review the access logs regularly, you get a far better picture of whether and how your data is being retrieved from unexpected locations, and in the event of misuse they show how and when an outflow occurred.
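The check you would actually run over those log files, as an added example that is not part of the original article: a small parser for the S3 server access log format (space-separated fields, timestamp in square brackets, request URI and user agent in quotes) that flags every request made without an AWS identity. In that format an unauthenticated request carries `-` in the requester field, so an anonymous `REST.GET.OBJECT` with status 200 is a public download that really happened, and an anonymous 403 is someone probing keys they could not reach. The three log lines, the bucket name `reports-bucket`, the canonical user ID and the IPs are constructed sample data, not logs from the page.

```python
import re
from collections import Counter

# Constructed sample lines in the S3 server access log field order (not real logs):
# bucket owner, bucket, [time], remote IP, requester, request ID, operation, key,
# "request URI", HTTP status, error code, bytes sent, object size, total time,
# turnaround time, "referer", "user agent", version id. Trailing fields omitted.
SAMPLE_LOG = """\
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be reports-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be 3E57427F3EXAMPLE REST.GET.OBJECT q3/revenue.csv "GET /reports-bucket/q3/revenue.csv HTTP/1.1" 200 - 4096 4096 12 11 "-" "aws-cli/2.0" -
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be reports-bucket [06/Feb/2019:00:01:02 +0000] 198.51.100.7 - 7B2D1E8F2EXAMPLE REST.GET.OBJECT q3/revenue.csv "GET /q3/revenue.csv HTTP/1.1" 200 - 4096 4096 9 8 "-" "curl/7.64.1" -
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be reports-bucket [06/Feb/2019:00:01:05 +0000] 198.51.100.7 - 9C3F0A1B4EXAMPLE REST.GET.OBJECT q3/salaries.csv "GET /q3/salaries.csv HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/7.64.1" -
"""

# One token per field: a [...] group, a "..." group, or a run of non-space chars.
_FIELD_RE = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

FIELD_NAMES = (
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
    "operation", "key", "request_uri", "http_status", "error_code",
    "bytes_sent", "object_size", "total_time", "turnaround_time",
    "referer", "user_agent", "version_id",
)


def parse_line(line):
    """Split one access log line into a dict keyed by FIELD_NAMES."""
    tokens = _FIELD_RE.findall(line)
    rec = dict(zip(FIELD_NAMES, tokens))
    rec["time"] = rec["time"].strip("[]")
    rec["request_uri"] = rec["request_uri"].strip('"')
    rec["user_agent"] = rec["user_agent"].strip('"')
    return rec


def find_anonymous_access(log_text):
    """Return the records of all requests made with no AWS identity ('-' requester)."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["requester"] == "-":
            findings.append(rec)
    return findings


def anonymous_download_bytes(findings):
    """Bytes actually served to anonymous callers on successful object reads."""
    total = 0
    for rec in findings:
        if rec["operation"] == "REST.GET.OBJECT" and rec["http_status"] == "200":
            total += int(rec["bytes_sent"])
    return total


def top_anonymous_sources(findings, n=5):
    """Most active anonymous source IPs, for the first triage of an outflow."""
    return Counter(rec["remote_ip"] for rec in findings).most_common(n)


if __name__ == "__main__":
    hits = find_anonymous_access(SAMPLE_LOG)
    for rec in hits:
        print(rec["time"], rec["remote_ip"], rec["operation"], rec["key"],
              rec["http_status"], rec["error_code"], rec["user_agent"])
    print("bytes served anonymously:", anonymous_download_bytes(hits))
    print("top anonymous sources:", top_anonymous_sources(hits))
```

Run it over the log objects downloaded from the target bucket (concatenate them into `log_text`); any finding with status 200 is evidence that the data was readable without credentials at that point in time, and the authenticated requester IDs in the remaining lines can be checked against the accounts you expect.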
Limit Access To S3
It is important to know that a new S3 bucket is private by default. A bucket and the objects in it can only be reached from within the owning account until a bucket policy, an ACL or an IAM policy is changed to grant wider access. Permissions are attached at two levels, the bucket and the individual object. An object is addressed by its key, which may contain slashes (for example reports/2019/q3.csv); the "folders" shown in the console are just such key prefixes, not a separate permission boundary, so a grant that covers a bucket or a prefix covers every object beneath it. By default, only the account that owns the bucket has access to it and its objects, and within that account only the IAM principals whose policies allow it. In addition, the S3 Block Public Access settings can be switched on at bucket or account level to override any policy or ACL that would make data public; for buckets created since April 2023, AWS enables them by default.
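Because a single bucket policy statement is enough to undo the private default, the policy is the first thing to check. As an added example, not from the original article or from AWS, here is a static check that flags statements granting access to everyone: `Effect: Allow` with a wildcard principal (`"*"` or `{"AWS": "*"}`) and no condition that pins the request to a network or an organisation. It approximates the criteria AWS itself uses when it labels a policy "public"; the list of restricting condition keys is a subset of that documented list. The weak policy is shown beside a hardened one that names a specific role and additionally denies unencrypted transport, and a second helper checks that all four Block Public Access switches are on. Bucket name, account ID, role name and statement Sids are invented for the example.

```python
import json

# Condition keys that scope a wildcard-principal grant to a network or an
# organisation; AWS does not treat a statement carrying one of these as public.
# Subset of the documented list, kept lower-case for comparison.
RESTRICTING_CONDITION_KEYS = {
    "aws:sourcevpc", "aws:sourcevpce", "aws:sourceip", "aws:principalorgid",
    "aws:principalaccount", "aws:principalarn", "aws:userid",
}

# Constructed policies for a hypothetical bucket; not taken from the page.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::reports-bucket/*",
    }],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReportReaderOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportReader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::reports-bucket/*",
        },
        {
            "Sid": "DenyPlaintextTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::reports-bucket", "arn:aws:s3:::reports-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _principals(stmt):
    """Flatten the Principal element into a list of principal strings."""
    p = stmt.get("Principal")
    if p == "*":
        return ["*"]
    if isinstance(p, dict):
        out = []
        for value in p.values():
            out.extend(value if isinstance(value, list) else [value])
        return out
    return []


def _condition_keys(stmt):
    """All condition keys used by a statement, regardless of operator."""
    keys = set()
    for operator_block in stmt.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def public_statements(policy_doc):
    """Return the Sids (or positional names) of statements that grant access to anyone."""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    flagged = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt):
            continue
        if _condition_keys(stmt) & RESTRICTING_CONDITION_KEYS:
            continue
        flagged.append(stmt.get("Sid", f"statement[{i}]"))
    return flagged


def block_public_access_complete(bpa):
    """True only when every Block Public Access switch is on for the bucket/account."""
    return all(bpa.get(k) is True for k in (
        "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"))


if __name__ == "__main__":
    print("weak policy, public statements:", public_statements(WEAK_POLICY))
    print("hardened policy, public statements:", public_statements(HARDENED_POLICY))
    print("BPA complete:", block_public_access_complete(
        {"BlockPublicAcls": True, "IgnorePublicAcls": True,
         "BlockPublicPolicy": True, "RestrictPublicBuckets": True}))
```

The policy document and the Block Public Access configuration are what `get-bucket-policy` and `get-public-access-block` return; feed those into `public_statements` and `block_public_access_complete` across all buckets in an account and anything flagged is a bucket where a reports export would be one upload away from the open internet.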
So there are many ways to secure and monitor S3 buckets within AWS, but they have to be used. Only if the employees responsible for setting up and maintaining the cloud environment know how to secure it can these functions be put to work and provide comprehensive protection for the S3 buckets.