Amazon Web Services adds warning to publicly-accessible cloud servers

Amazon Web Services has bolstered the encryption and security features on S3, its data storage service, according to a Nov. 6 company blog post by AWS Chief Evangelist Jeff Barr.

On S3, each cloud-based storage unit — called a "bucket" — is protected by an access control list, which enables the user to choose one of three options: keep data private, share it for reading or share it for editing. With "permission checks," one of the new security features on S3, AWS will now display a prominent flag or banner on each S3 bucket that is unprotected and accessible to the public.

In recent months, security experts have discovered a few high-profile data breaches resulting from companies failing to establish permission settings on buckets of personally identifiable information.

In June, a cyber-risk analyst at UpGuard found roughly 14 million Verizon customers' records on an unprotected S3 server. Within the healthcare sector, a team of researchers at Kromtech Security Center discovered the protected health information of an estimated 150,000 Americans using services from Patient Home Monitoring, a HIPAA-covered entity, on a publicly-accessible S3 bucket Sept. 29.

To access the blog post, click here.

More articles on cybersecurity:
Vanderbilt researchers question results of recent study on hospital data breaches
OCR: 12 tips to secure PHI in mobile devices
Survey: 5 ways businesses secure corporate data on personal devices

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months