Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Amazon Adds New Encryption, Security Features to S3

Amazon announced this week that it has added five new security and encryption features to its Simple Storage Service (S3), including one that alerts users of publicly accessible buckets.

Amazon announced this week that it has added five new security and encryption features to its Simple Storage Service (S3), including one that alerts users of publicly accessible buckets.

Improperly configured S3 buckets can expose an organization’s sensitive files, as demonstrated by several recent incidents involving companies such as Viacom, Verizon, Accenture, Booz Allen Hamilton, and Dow Jones.

In an effort to help organizations avoid data leaks, Amazon introduced permission checks that provide clear information and indicators about publicly accessible buckets. The feature was made available shortly after Amazon announced the launch of a set of managed configuration rules designed to help users secure their S3 buckets.

With the introduction of permission checks, users immediately know if a bucket is configured for public access via the main page of the S3 Console and in each bucket’s own page.

Amazon permission checks

Users can now also install an encryption configuration to mandate that all objects in a bucket must be stored in encrypted form. This means that customers will not have to create a bucket policy for rejecting non-encrypted objects.

Two of the new features are related to Cross-Region Replication, functionality that allows users to copy mission-critical objects and data to a bucket in a different AWS account. Objects are typically copied with the associated access control list (ACL) and tags, but a new feature enables users to replace the ACL while the data is in transit to ensure that the owner of the destination bucket has full access.

When administrators use Cross-Region Replication, they can now also replicate objects that are encrypted with keys managed via the AWS Key Management Service (KMS).

The last new feature is related to S3 inventory reports, which now provide information on the encryption status of each object.

Advertisement. Scroll to continue reading.

All the new features are immediately available at no extra charge.

Related: AWS S3 Buckets at Risk of “GhostWriter” MiTM Attack

Related: Amazon Launches “Macie” Security Service to Protect Data in AWS

Related: Amazon Offers Free SSL/TLS Certificates

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...