How to seal your AWS Bucket and stop data breaches?

Despite setting up top-notch security measures, people often forget that a single careless act could let data worth millions fall into the wrong hands. One of the latest examples was a hard lesson for Dow Jones: the company leaked personal data on 2.2 million customers, including their email and digits of credit cards. The leak occurred because of misconfigured settings in AWS.

Last month, Verizon, an American telecommunications conglomerate, faced a report stating that sensitive data of 6 million customers, including name, contact details and account PIN, was exposed on the internet. The leak was sourced from the AWS environment of the company's customer service vendor, Nice Systems. The incident has further underscored two challenges in cyber security: third-party partners and AWS S3 buckets.

As companies associate with more business partners who are given access to their data, security challenges have considerably increased. Even when organizations maintain good security shields, data is compromised through weak security at vendor partners. Research has observed that a company with a complex digital chain has an average of 1,555 external partners who access data through cloud services, which indicates the severity of the issue.

Verizon reportedly allowed Nice Systems to store customer data in AWS, blindly trusting Nice's security practices. Verizon was literally at the mercy of Nice Systems in getting the job done. Meanwhile, Nice Systems claims to be an established network with over 80 Fortune 100 company connections, which means that one cannot question Verizon's decision to associate with Nice Systems. Findings showed that over 50% of these complex enterprises are linked with 58 vendors, which shows how many ways a data leak can reach a company.

These types of AWS S3 bucket leaks frequently steal the headlines in cyber security. Once an S3 bucket's configuration is open to the public, anyone can access the data inside without any additional hacking. In the case of Nice Systems, the leaked link was easy to guess. Research on AWS environments has shown that 7% of S3 buckets in the enterprise come with no restrictions, while 35% of them are unencrypted. AWS S3 buckets enable companies to store large amounts of data on a secure platform. But whether the data stays secure depends on the administrators responsible for configuring and monitoring the security settings. Enterprises have hundreds of S3 buckets, which are periodically audited and configured. This creates chances for human error.

So how can errors in cyber security be minimized, when humans are always known for their trait of carelessness?

That's where dedicated efforts like Cloud Access Security Broker (CASB) have surfaced. A CASB can perform automated IaaS security audits across multiple instances and IaaS applications. StegoSOC can assist you in anticipating your data vulnerabilities with intelligent security insights derived from various automated processes like CASB, which helps in performing Data Loss Prevention (DLP) across IaaS services. By applying data identifiers, keywords and fingerprints, users can locate their data and initiate appropriate methods to secure the data in their S3 buckets.

The same process can be used to monitor S3 buckets that are intentionally made public and encrypted, so that if data is uploaded to the bucket at a later stage, it can be blocked and security can be notified. A CASB can be relied on to monitor over 70 AWS security configuration settings and flag those that are non-compliant with ISMS controls and the risk profile of the IaaS deployment. It can provide recommendations and an in-product remediation platform, so customers can eliminate the security loopholes they discover in an audit. Using the audit to identify and eliminate publicly accessible and unencrypted S3 buckets is low-hanging fruit for IT security that may help keep your company name out of the headlines down the road.
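The audit described above, flagging publicly accessible and unencrypted buckets, can be sketched as follows. This is an added example, not code from the original article or from any CASB product. The snapshot dictionary layout, the bucket names and the finding labels are assumptions; the nested values mirror the shapes returned by the S3 GetBucketAcl, GetBucketPolicy, GetPublicAccessBlock and GetBucketEncryption calls.

```python
import json

BASE = "http://acs.amazonaws.com/groups/global/"  # prefix of S3's predefined ACL groups
PUBLIC_GROUPS = {"AllUsers", "AuthenticatedUsers"}

def public_acl_grants(acl):
    """Return 'Group:PERMISSION' for every ACL grant to a public group."""
    out = []
    for g in acl.get("Grants", []):
        uri = g.get("Grantee", {}).get("URI", "")
        name = uri[len(BASE):] if uri.startswith(BASE) else ""
        if name in PUBLIC_GROUPS:
            out.append(f"{name}:{g['Permission']}")
    return out

def policy_is_public(policy_json):
    """True if an Allow statement names principal '*' with no Condition (simplified)."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    for s in [stmts] if isinstance(stmts, dict) else stmts:
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and "Condition" not in s:
            return True
    return False

def audit_bucket(snap):
    """Return sorted findings for one snapshot (dict layout is an assumption)."""
    pab = snap.get("PublicAccessBlock") or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):  # public ACL grants are honoured
        findings += ["public-acl " + g for g in public_acl_grants(snap.get("Acl", {}))]
    if not pab.get("RestrictPublicBuckets") and policy_is_public(snap.get("Policy")):
        findings.append("public-policy")
    rules = (snap.get("Encryption") or {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
        findings.append("no-default-encryption")
    return sorted(findings)

# Constructed snapshots for illustration, not real buckets.
_READ_ALL = {"Grants": [{"Grantee": {"Type": "Group", "URI": BASE + "AllUsers"}, "Permission": "READ"}]}
_SSE = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
_OPEN = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]})
_PAB = {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}
SAMPLES = {
    "vendor-logs": {"Acl": _READ_ALL},
    "site-assets": {"Policy": _OPEN, "Encryption": _SSE},
    "locked": {"Acl": _READ_ALL, "Policy": _OPEN, "Encryption": _SSE, "PublicAccessBlock": _PAB},
}
```

The `locked` sample carries the same public ACL and policy as the other two, but produces no findings because the Public Access Block settings override them.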
