AWS plugs leaky S3 buckets with CloudKnox integration


Bobby Hellard

3 Dec, 2019

AWS has launched a new tool to help customers avoid data leaks within its simple storage service.

The AWS IAM Access Analyzer is a new function that analyses resource policies to help administrators and security teams protect their resources from unintended access.

It comes from an integration with CloudKnox, a company that specialises in hybrid cloud access management.

It’s a strategic integration designed to protect organisations against unintended access to critical resources and mitigate the risks they face, such as overprivileged identities, according to Balaji Parimi, CEO of CloudKnox.

“Exposed or misconfigured infrastructure resources can lead to a breach or a data leak,” he said. “Combining AWS IAM Access Analyzer’s automated policy monitoring and analysis with CloudKnox’s identity privilege management capabilities will make it easier for CloudKnox customers to gain visibility into and control over the proliferation of resources across AWS environments.”

Amazon S3 is one of the most popular cloud storage services, but because of human error, it’s historically been a bit of a security liability, according to Sean Roberts, GM of Cloud Business Unit at hybrid managed services provider Ensono.

“Over the last few years, hundreds of well-known organisations have suffered data breaches as a direct result of an incorrect S3 configuration — where buckets have been set to public when they should have been private,” he said.

“When sensitive data is unintentionally exposed online, it can damage an organisation’s reputation and lead to serious financial implications. In real terms, this sensitive data is often usernames and passwords, compromising not only the business but its customers too.”

In July, more than 17,000 domains were said to have been compromised in an attack launched by the prolific hacking group Magecart that preyed on leaky S3 buckets. Looking back over the last two years, a number of companies and organisations such as NASA, Dow Jones and even Facebook have been seen breaches from this S3 Buckets.

With the Access Analyzer, there’s a new option in the console for IAM (Identity and Access Management). The toll alerts customers when a bucket is configured to allow public access or access to other AWS accounts. There is also a single-click option that will block public access.