UPDATED 21:05 EST / NOVEMBER 07 2017


After data leaks, Amazon beefs up security and encryption for its S3 cloud storage

In the wake of several incidents that saw Amazon Web Services Inc. customers leave important data unsecured on the internet, the cloud computing giant today announced no less than five new security features to help prevent them.

The announcement comes after high-profile companies including Accenture Plc., Verizon Communications Inc. and the U.S. military contractor TigerSwan, among others, all accidentally left open AWS S3 storage “buckets” packed with confidential data, meaning it was exposed on the web. Most of those incidents were later found to be due to information technology personnel misconfiguring their S3 buckets.

Now, AWS is responding with a number of security enhancements to its S3 platform. These include the introduction of something called Permission Checks, which is in reality a simple yellow button that indicates which S3 buckets are publicly accessible and which are not.

The company is also adding Default Encryption to S3, which should also help customers keep a lid on things. Previously, objects stored in S3 were not encrypted by default, and enforcing encryption was laborious: users had to write a bucket policy that rejected any upload that was not encrypted. With the update, they can instead set a bucket-level encryption configuration that ensures any object added to S3 without encryption is secured with their specified encryption method.
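The two approaches described above, as an added example that is not AWS's own code: the bucket policy a customer had to write before (using the real S3 condition keys) beside the new default encryption configuration, with a small constructed evaluator that shows what each does to an upload that omits the encryption header. The bucket name, request headers and the evaluator are constructed for illustration.

```python
# Placeholder bucket name; not a bucket from the article.
BUCKET = "example-bucket"
SSE_HEADER = "x-amz-server-side-encryption"
SSE_KEY = "s3:x-amz-server-side-encryption"  # policy condition key for that header

# "Before": bucket policy that denies PutObject unless the request carries
# x-amz-server-side-encryption: AES256. Clients that forget the header fail.
ENFORCE_SSE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"StringNotEquals": {SSE_KEY: "AES256"}}},
        {"Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"Null": {SSE_KEY: "true"}}},
    ],
}

# "After": bucket-level default encryption (the PutBucketEncryption body).
# Objects uploaded without the header are encrypted with this algorithm.
DEFAULT_ENCRYPTION = {
    "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
}


def condition_matches(cond, keys):
    """Constructed mini-evaluator for the two operators the policy uses."""
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            if op == "StringNotEquals" and key in keys and keys[key] != expected:
                return True  # header present but not AES256
            if op == "Null" and (key not in keys) == (expected == "true"):
                return True  # header absent entirely
    return False


def evaluate_put(policy, headers):
    """'Deny' if any Deny statement matches the PutObject request, else 'Allow'."""
    keys = {SSE_KEY: headers[SSE_HEADER]} if SSE_HEADER in headers else {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and stmt["Action"] == "s3:PutObject" \
                and condition_matches(stmt["Condition"], keys):
            return "Deny"
    return "Allow"


def apply_default_encryption(config, headers):
    """Headers the object is stored with: the default applies only when none was sent."""
    stored = dict(headers)
    if SSE_HEADER not in stored:
        rule = config["Rules"][0]["ApplyServerSideEncryptionByDefault"]
        stored[SSE_HEADER] = rule["SSEAlgorithm"]
        if "KMSMasterKeyID" in rule:
            stored["x-amz-server-side-encryption-aws-kms-key-id"] = rule["KMSMasterKeyID"]
    return stored
```

With the policy, an upload missing the header is rejected; with default encryption, the same upload succeeds and is stored as AES256, while a request that names its own method keeps it.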


Another new feature, Cross-Region Replication Access Control Lists Overwrite, is designed to help users lock down accounts that access multiple AWS regions. It basically extends the existing ACL feature in S3, which allows developers to control the privacy settings of each block in S3. Now, users can set access permissions for each file, and when those are replicated to another region, the settings will be automatically replicated with them.

For those who use AWS’s Key Management Service, it’s possible to duplicate encrypted files across regions as well. During cross-region replication, encrypted objects are replicated to the destination over an SSL connection. The object remains in its original, encrypted form, and only the envelope containing the keys is changed.

Finally, AWS updated its Detailed Inventory Reports, which now include the encryption status for each object. In addition, the report itself can now be encrypted.

“S3 is one of Amazon’s oldest and most popular services, and like all services it needs a review of capabilities after some time,” said Holger Mueller, principal analyst and vice president at Constellation Research Inc. “That’s what Amazon is doing now, important and good housekeeping.”

But Mueller said the most important aspect is the S3 instance refresh that AWS said it will accelerate after the March S3 downtime in US EAST. “The combination of both is what keeps a cloud service competitive, up to date with current demands and future-proof,” he said.

Image: Sven Graeme/Flickr
