Data Exposure in the Cloud (AWS S3)

AWS S3 is an object storage service in the Amazon cloud. S3 allows both users and applications to save and retrieve practically any type of data that can be stored in digital form. S3 data is saved in buckets: logical containers in which objects can be stored and retrieved as needed. Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to secure them properly. Recent studies (https://laminarsecurity.com/blog/new-research-finds-21-of-publicly-facing-cloud-storage-buckets-contain-sensitive-pii-data/) have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed (https://github.com/nagwww/s3-leaks). In Kaduu you can monitor not only S3 buckets but also Azure cloud storage containers for sensitive data related to your keyword.

The main S3 security risks

Some of the most important S3 risks include:

  1. Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets
  2. Lack of understanding of what data is stored in S3 buckets and if protection for that specific data is adequate
  3. Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially establish a foothold that they can use for further attacks
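The first risk in the list, a misconfiguration that opens bucket data to everyone, is something you can check for offline from the documents the S3 API returns. The following is an added example, not part of the Kaduu documentation or product: it evaluates a bucket policy (the shape returned by GetBucketPolicy), a bucket ACL (GetBucketAcl) and a Public Access Block configuration (GetPublicAccessBlock) and reports the grants that make the bucket publicly readable. The sample documents, the bucket name and the account id are constructed for illustration; in practice you would feed it the JSON you fetch with the AWS CLI or an SDK.

```python
"""Offline audit of the three S3 settings that commonly expose bucket data.

Added example (not Kaduu's or AWS's code). The sample policy, ACL and
Public Access Block documents below are constructed; only their shape
follows the S3 API responses.
"""
import json

# Well-known grantee URIs that mean "everyone" / "any AWS account".
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that let a principal read object data or enumerate keys.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}
PAB_KEYS = ["BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"]


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws is not None and "*" in _as_list(aws)
    return False


def public_policy_statements(policy):
    """Return Sids (or statement[i]) of Allow statements that grant read access
    to everyone without any Condition. Conditional grants are skipped here
    because they need manual review (e.g. restricted to a VPC endpoint)."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if not set(_as_list(stmt.get("Action", []))) & READ_ACTIONS:
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs granted to AllUsers/AuthenticatedUsers."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            found.append((grantee["URI"], grant.get("Permission")))
    return found


def public_access_block_gaps(config):
    """Return the Public Access Block settings that are not switched on."""
    return [k for k in PAB_KEYS if not config.get(k, False)]


def audit(policy, acl, pab):
    """Combine the three checks into one report for a bucket."""
    return {
        "public_policy_statements": public_policy_statements(policy),
        "public_acl_grants": public_acl_grants(acl),
        "public_access_block_gaps": public_access_block_gaps(pab),
    }


# Constructed sample documents (bucket name and account id are placeholders).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadForGetBucketObjects", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AppWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}
  ]
}""")
SAMPLE_ACL = {
    "Owner": {"ID": "OWNER-CANONICAL-ID-EXAMPLE"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-EXAMPLE"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PAB), indent=2))
```

Any non-empty entry in the report is a finding: the unconditional `Principal: "*"` read grant and the `AllUsers` READ ACL both make object data public, and the three disabled Public Access Block settings mean nothing at the account or bucket level overrides them. Enabling all four Public Access Block settings is the usual fix unless a bucket is deliberately public.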

How to search and monitor cloud storage?

You can enter any keyword, such as “bank” or “bank switzerland”, and Kaduu will monitor public cloud storage for an exact match on a daily basis. Your monitored keywords are displayed on the dashboard, and the results can be viewed and filtered.

What data should you look for?

Basically any sensitive data. Usually only the company itself knows best what counts as sensitive under its own data classification. In general, sensitive data is any data that should not be accessible to unauthorized persons. It may include personally identifiable information (PII) such as social security numbers, financial information, or login credentials. A sensitive data compromise occurs when an organization unknowingly discloses sensitive data, or when a security incident results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, sensitive data. Such a compromise may result from inadequate protection of a database, misconfigurations when setting up new data storage instances, inappropriate use of data systems, and so on.
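To make the categories above concrete, here is an added example (not Kaduu's code and not how Kaduu's search is implemented) of a scanner you could run over the contents of objects you own in a bucket you are reviewing. It combines the exact keyword match described above with pattern checks for the PII and credential types named in this paragraph: social security numbers (with the SSA's basic validity rules so that filler values like 000-xx-xxxx are dropped), e-mail addresses, payment card numbers validated with the Luhn checksum, and AWS access key ids. The sample object text and the keyword list are constructed; the card and key values are the standard test/documentation values, not real secrets.

```python
"""Sensitive-data scanner for object contents (added example, constructed input).

Flags the data classes named in the text: SSNs, e-mail addresses, payment
card numbers and AWS access key ids, plus exact keyword matches.
"""
import re

PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # AWS access key ids start with AKIA followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # 13-16 digits, optionally separated by spaces or dashes; validated with Luhn below.
    "card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
}


def plausible_ssn(ssn):
    """Apply the SSA rules: area not 000/666/900-999, group not 00, serial not 0000."""
    area, group, serial = (int(part) for part in ssn.split("-"))
    if area == 0 or area == 666 or area >= 900:
        return False
    return group != 0 and serial != 0


def luhn_ok(number):
    """Luhn checksum over the digits of a card number candidate."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_object(text, keywords=()):
    """Return {category: [matches]} for the sensitive data found in one object."""
    findings = {
        "ssn": [m for m in PATTERNS["ssn"].findall(text) if plausible_ssn(m)],
        "email": PATTERNS["email"].findall(text),
        "aws_access_key_id": PATTERNS["aws_access_key_id"].findall(text),
        "card": [m for m in PATTERNS["card"].findall(text) if luhn_ok(m)],
        # Exact, case-insensitive phrase match, as with the monitored keywords.
        "keyword": [k for k in keywords if k.lower() in text.lower()],
    }
    return {k: v for k, v in findings.items() if v}


# Constructed sample object: a CSV export with a leaked config fragment.
SAMPLE_OBJECT = """\
customer_export_2023.csv (constructed sample, not real data)
name,email,ssn,card
Alice Example,alice@example.com,123-45-6789,4111 1111 1111 1111
Bob Example,bob@example.com,000-12-3456,4111111111111112
# leaked config
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
Bank Switzerland quarterly report
"""
SAMPLE_KEYWORDS = ["bank switzerland", "acme corp"]

if __name__ == "__main__":
    for category, matches in scan_object(SAMPLE_OBJECT, SAMPLE_KEYWORDS).items():
        print(f"{category}: {matches}")
```

The second row shows why the validity checks matter: `000-12-3456` is not a valid SSN and `4111111111111112` fails Luhn, so neither is reported, while the first row's values are. Run this only against storage you are authorised to inspect, and treat any hit as a reason to review that bucket's access settings, not as proof of a breach.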