Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most commonly used cloud storage tools for everything from server logs to customer data, with prominent users including Netflix, Reddit, and GE Healthcare. While S3 rolled out of the gate with good security principals in mind, it hasn’t all been smooth sailing.
The issue of S3 bucket security has come to a head in recent years with prominent data breaches affecting companies like Uber, Accenture and even the United States Department of Defense. Nearly all of these breaches had one common factor – the administrator in charge of managing cloud storage misconfigured security settings, leaving them open to the public. You might be wondering how this keeps happening time and time again. Shouldn’t there be security defaults available to stop these breaches?