5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets
December 20, 2017
I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the ongoing news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not just your organization’s AWS users. All of them. Around the globe. More than a few buckets at more than a few companies were configured as such. Not good.
Public clouds make you more efficient by offering common infrastructure and consistent tools. That’s good news, but it also requires coordination between the security services provided by, let’s say, AWS and your team’s plan to secure what they deploy in the cloud – applications and data. Have no doubt, any misconfiguration or gap in your defenses will be turned into a hacking opportunity for the bad guys.
AWS provides a wealth of information and resources on its shared responsibility model for security and compliance. It is in your hands to properly configure the services they provide. Unfortunately, the flexibility and multiple options provided easily lead to misconfigurations. For example, few realize that AWS offers four distinct ways to control access to S3 buckets.
This is why Lacework has taken a comprehensive approach to helping you keep your data secure in AWS. Here are our 5 recommendations:
- Assess your AWS configuration for security (CIS Benchmark): The CIS benchmark for AWS provides recommendations to help with AWS configuration. Our interactive report automatically checks against these and gives you a comprehensive assessment of where you comply and where you have violations. Where we find violations, we provide details on the scope of the violation and recommendations on how to address it.
- Assess your AWS configuration beyond CIS recommendations: Lacework’s security experts have reviewed the challenges behind the configuration of AWS S3. They’ve added recommendations specific to S3 to make sure your security and DevOps teams do not let any S3 buckets open to the outside unintentionally. Same as for CIS, our interactive report gives you insights into violations and recommendations on how to remediate them.
- Repeat the above for continuous compliance: Cloud environments are dynamic and you should expect many of your configuration settings to change as new resources are deployed. Lacework automatically runs configuration audits every 24 hours and alerts you if there is any degradation in your level of compliance.
- Maintain operational visibility into your cloud: Maintaining the best possible security configuration at all times is only step one. You should continuously monitor how your users, processes, containers, and other entities interact with buckets and AWS accounts. This awareness takes you far beyond configuration audits and provides a 360° view of everything related to your AWS cloud: accounts, workloads in EC2, and the S3 buckets where your data is stored. For example, you can start to track and understand applications and processes that access data in S3.
- Detect all anomalies (and threats) in your cloud, all the time: Beyond configuration changes, behavior anomalies can be an early indicator of compromise. Our platform automatically detects behaviors and activities that deviate from an established baseline. To go back to the S3 bucket example, we will automatically alert you if there is a pattern change in applications accessing your S3 buckets.
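As an added illustration of the “all authenticated AWS users” ACL mistake described at the top of this post and the open-bucket check in recommendation 2 (example code written for this page, not Lacework’s product code): a small Python check that flags S3 ACL grants to the AllUsers or AuthenticatedUsers groups. It consumes the dict shape that boto3’s get_bucket_acl() returns; the sample ACL and owner ID below are constructed so it runs offline.

```python
from typing import Dict, List

# Audit an S3 bucket ACL dict (the shape boto3's get_bucket_acl() returns) for
# grants that reach beyond the owning account. The sample ACL is constructed.

# Group URIs AWS uses for "Everyone" and "Any authenticated AWS user".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed sample: the owner has full control, but one grant hands READ to
# every authenticated AWS account worldwide (the misconfiguration in the post).
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-placeholder"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}


def risky_grants(acl: Dict) -> List[Dict[str, str]]:
    """Return grants to the AllUsers or AuthenticatedUsers groups.

    Both reach outside the bucket owner's account; AuthenticatedUsers is the
    deceptively named one, since "authenticated" means any AWS account at all.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser / AmazonCustomerByEmail grants are account-scoped
        uri = grantee.get("URI", "")
        if uri in (ALL_USERS, AUTHENTICATED_USERS):
            findings.append({
                "scope": "public" if uri == ALL_USERS else "any-aws-account",
                "permission": grant.get("Permission", ""),
            })
    return findings


def is_exposed(acl: Dict) -> bool:
    """True when any grant reaches beyond the owner's account."""
    return bool(risky_grants(acl))


if __name__ == "__main__":
    # For real buckets, pass boto3.client("s3").get_bucket_acl(Bucket=name) instead.
    for f in risky_grants(SAMPLE_ACL):
        print(f"EXPOSED: {f['permission']} granted to {f['scope']}")
```

Note that ACLs are only one of the access-control layers on a bucket; a bucket policy or IAM policy can open (or close) access independently, so a clean ACL alone is not proof the bucket is private.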
Common infrastructure services and tools are great, but they add a new and complicated dimension to AWS security in the cloud. Protecting your S3 buckets and AWS accounts is essential – a compromise of either one can spell disaster. With Lacework, you can stop “leaky buckets” and keep your AWS accounts safe and sound.
You can see all the above in action in our recent live demo replay on Lacework for AWS security.