Amazon’s Simple Storage Service (S3) storage buckets are notorious for being left unlocked to the public, even by some of the world’s largest companies. This can result in a massive data breach, if the bucket was holding a corporate database, customer list, or other large collection of sensitive information. And it has. UpGuard security researcher Chris Vickery has found a slew of massive exposures among publicly accessible Amazon S3 buckets. Although the misconfiguration itself, a simple permission, is quite small, its implications can be disastrous.
UpGuard fully supports Amazon S3 nodes and automatically checks public permissions to ensure they are closed. This simple but critical check could be the difference between performing casual routine maintenance and handling a severe data breach on the front page of the news. UpGuard validates the public permissions for every S3 bucket added as a node , not just once at deployment, but continuously and automatically, notifying you only if something is left open. We hear a lot about 0-day exploit prevention, advanced intrusion defenses, and other cutting edge cybersecurity technologies, but simply making sure S3 instances are secure to the public would likely prevent more breaches than all of those put together.