Amazon S3 Security Step-by-Step
Bucket Policies and Defense-in-Depth: Amazon S3
Excellent paper by Rajat Ravinder Varuni and Rafael Marcelino Koike. I read it and it will help me when I have to talk with "people whose heads are in the cloud".
In this blog post, we show you how to prevent your Amazon S3 buckets and objects from allowing public access. We discuss how to secure data in Amazon S3 with a defense-in-depth approach, where multiple security controls are put in place to help prevent data leakage. This approach helps prevent you from allowing public access to confidential information, such as personally identifiable information (PII) or protected health information (PHI).
Sr Technical Program Manager, System Design | PM, Systems Engineering, CISSP, Network+, Cloud+
6 年Always looking forward with thought leadership
Entrepreneur in real estate, transportation & cyber
6 年New take on the bucket list!
Cyber Security Research Consultant - Application Penetration Testing at Wells Fargo | GCIA, GPEN, GWAPT, GMOB
6 年Thanks for sharing! It is very informative.
Cybersecurity Professor; Recovering Entrepreneur
6 年You might be also interested in our forthcoming paper on the subject at ACSAC in December. There's a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 Buckets Andrea Continella, Mario Polino, Marcello Pogliani, Stefano Zanero. To Appear In Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December, 2018.
Cyber Security Professional
6 年Timely. Thanks!