
AWS Introduces Amazon S3 Access Analyzer Tool for Data Leaks

Amazon Web Services (AWS) has announced Access Analyzer for Amazon Simple Storage Service (S3), a tool designed to help organizations minimize the risk of S3 storage bucket data leaks.

Access Analyzer helps an organization evaluate its S3 bucket access policies, AWS indicated. In doing so, Access Analyzer enables an organization to quickly discover and remediate S3 bucket leaks.

How Does Access Analyzer Work?

Access Analyzer alerts an organization if it has an S3 bucket that is configured to allow access to anyone on the Internet or is shared with other AWS accounts, according to AWS. It provides insights, or "findings," into the level of public or shared access for each S3 bucket and allows an organization to block all public access to a bucket.

In addition, Access Analyzer enables an organization to evaluate S3 bucket-level permission settings, AWS stated. This ensures that an organization can use Access Analyzer to allow only authorized users to access an S3 bucket.

Access Analyzer is now available at no additional cost in the S3 Management Console in all commercial AWS Regions, excluding the AWS China (Beijing) Region and the AWS China (Ningxia) Region. It also is available via APIs in AWS GovCloud (US) Regions.

Are AWS Cloud Data Leaks Common?

Several global organizations recently have experienced AWS data leaks, including:

  • Capital One: A misconfigured AWS web application firewall exposed data from 100 million individuals in the United States and approximately 6 million in Canada earlier this year.
  • GoDaddy: An S3 bucket error exposed GoDaddy configuration information from the company’s servers last year.
  • FedEx: FedEx customer identification records were discovered on an unsecured S3 cloud server last year.

Meanwhile, hundreds of thousands of mobile phone bills for AT&T, Verizon and T-Mobile customers recently were discovered online that contained customers' names, addresses, phone numbers and other personal information. This data exposure occurred due to a misconfigured AWS bucket, Threatpost reported.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.