Are your S3 buckets private?

Alongside checking your backups are working, updating your systems, checking for viruses, and all the other monthly tasks, it’s easy to overlook simple security areas of your network and storage.

Over the past few months, there has been a deluge of exposed Amazon S3 buckets being found.

The leaks include the data of 123 million American voters, 20,000 Indian medical records, 48 million social media records, and many, many more.

This is an odd problem, as it’s so easy to set security on Amazon S3. By default, data is not even public, and it takes minutes to check and secure. Unless you’ve set a specific IAM policy per file or per bucket, or opened it up to authentication or URL, your files should be safe.

However, it’s better to be safe than sorry. Amazon have released their Trusted Advisor tool for free, which enables you to easily check that both files and buckets are private. You can easily check your buckets and files from the S3 console too, or even use CloudWatch to watch for events.

Alongside your Amazon S3, check your other data – network shares, web servers, and even your database servers (especially MongoDB and Redis).

It’s a simple check – but so many businesses are having their data exposed that it’s a very good idea to ensure your security is up to the mark, either through business procedures, technical solutions, or auditing, security and penetration testing.