Risk & Repeat: Why are Amazon S3 buckets spilling on the web?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.
More corporate data has been accidentally exposed through Amazon's Simple Storage Service in recent weeks, raising questions about enterprise security practices.
The most recent exposure of Amazon S3 buckets occurred with Dow Jones & Company Inc. when cybersecurity firm UpGuard Inc. discovered a public S3 bucket containing information for millions of Dow Jones customers, including names, addresses, email addresses and partial credit card numbers.
UpGuard researchers reported the bucket had permission settings that allowed any AWS account holder to download the data from the resource's URL; Dow Jones attributed the exposure to an "internal error."
The Dow Jones incident follows other high-profile discoveries by UpGuard of S3 buckets that were apparently misconfigured by major enterprises, such as Verizon and Booz Allen Hamilton. The lack of access control and permissions settings caused these data repositories to be publicly accessible on the web.
How did these misconfigurations happen? Should Amazon do more to help customers avoid these mistakes? Why are enterprise security policies failing to prevent data exposures in the cloud?
In this episode of the Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss how these S3 buckets are spilling data, what the consequences are and what should be done about it. They also provide an update on the ongoing controversy surrounding Symantec's certificate authority business.