Risk & Repeat: Why are Amazon S3 buckets spilling on the web?

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the series of enterprise data leaks through misconfigured Amazon S3 buckets and what should be done about them.

More corporate data has been accidentally exposed through Amazon's Simple Storage Service in recent weeks, raising questions about enterprise security practices.

The most recent exposure of Amazon S3 buckets occurred with Dow Jones & Company Inc. when cybersecurity firm UpGuard Inc. discovered a public S3 bucket containing information for millions of Dow Jones customers, including names, addresses, email addresses and partial credit card numbers.

UpGuard researchers reported the bucket had permission settings that allowed any AWS account holder to download the data from the resource's URL; Dow Jones attributed the exposure to an "internal error."

The Dow Jones incident follows other high-profile discoveries by UpGuard of S3 buckets that were apparently misconfigured by major enterprises, such as Verizon and Booz Allen Hamilton. The lack of access control and permissions settings caused these data repositories to be publicly accessible on the web.

How did these misconfigurations happen? Should Amazon do more to help customers avoid these mistakes? Why are enterprise security policies failing to prevent data exposures in the cloud?

In this episode of the Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss how these S3 buckets are spilling data, what the consequences are and what should be done about it. They also provide an update on the ongoing controversy surrounding Symantec's certificate authority business.
