Lightspin: 46% of AWS S3 buckets could be misconfigured and unsafe

Elevate your enterprise data technology and strategy at Transform 2021.

Cloud misconfigurations expose organizations to significant risk, according to a new analysis of Amazon Web Services (AWS) Simple Storage Service (S3) buckets conducted by Lightspin, a cloud security provider. In-depth research into 40,000 AWS buckets and their cloud storage permissions found that 46% of AWS S3 buckets could be misconfigured and should therefore be considered unsafe, Lightspin said.

Above: A diagram that explains how AWS evaluates access and assigns definitions to objects within S3 buckets.

Misconfigured S3 buckets can open your cloud environment up to a huge amount of risk. Public read access could lead to a data breach, while public write access can launch malware or encrypt data to hold your company ransom.

Certain AWS cloud storage permissions are currently complex and even obtuse, as one of the AWS access options is defined as “Objects can be public.” As AWS evaluates the access permissions of all files at the bucket level, rather than the object level, an object’s ACL is not considered. In short, the definition “Objects can be public” doesn’t allow organizations to definitively understand whether their objects are accessible or not. The diagram above can help to visualize which objects would be given this classification.

Lightspin’s research revealed that more than 40% of AWS S3 buckets have this definition attached, on top of the 4% that are defined as public. As part of this research, the company created a free, open source Python tool that scans the cloud environment in full and clarfies which objects are public and which are not.

Read Lightspin’s full research into the risks of misconfigured S3 buckets.

VentureBeat

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article