For businesses with data to store, Amazon Web Services can be great. The cloud provider’s S3 storage buckets are relatively inexpensive, can spin up and down quickly, scale easily, and are backed up and secured by Amazon itself, making them easy to manage.
But the ease of management and deployment is a double-edged sword. If the access credentials leak, or the buckets are set to public access, the data becomes accessible to anyone in the world.
This isn't just a theoretical threat. Last year, Accenture accidentally allowed public access to a database containing 40,000 passwords and other client credentials stored in S3 buckets. Other companies that left their buckets open to the public included Dow Jones, Verizon, and military intelligence agency INSCOM. Uber stored personal information on 57 million users on Amazon, hackers got in, and the ride-hailing company ended up paying off the hackers to hide news of the leak.
Cloud security company RedLock recently found 250 organizations leaking credentials to their cloud AWS environments.
In fact, according to a report by RedLock, 53 percent of organizations that use cloud storage services like Amazon S3 have accidentally exposed at least one such service to the public.
To read the rest of this article, please fill out the form below: