If you do a search for Amazon S3 breaches due to customer error of leaving the data unencrypted, you’ll see a long list that includes a DoD contractor, Verizon (the owner of this publication) and Accenture, among the more high profile examples. Today, AWS announced a new set of five tools designed to protect customers from themselves and ensure (to the extent possible) that the data in S3 is encrypted and safe.
For starters, the company is giving the option of default encryption. That means every object that gets moved into an S3 bucket will have encryption on by default. What’s more, this will happen without admins having to construct a rejected bucket for unencrypted files. It’s not exactly foolproof, but it gives admins a good solid way to ensure the data is always encrypted in a much smoother way than before.
If that’s not enough, Amazon is putting a signal front and center on the administrative console that warns admins with a prominent indicator next to each S3 bucket that has been left open to the public. If something slips through the cracks at the end user level, this should at least give admins an additional level of protection that something is amiss.
Access Control Lists (ACLs) let admins define and manage who has access to buckets and objects in S3. It’s basically ensuring that permissions travel with the data when you move it, but the update now also lets you share ownership of the bucket in transit, which would be useful for giving the admin in the other region control over the bucket too. This provides a way to share ownership, yet maintain separate and distinct ownership for the original objects and the replicas.
In addition, admins can replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS). The latter means admins don’t have to worry about managing the encryption keys themselves, yet can still have the benefits of having encrypted S3 data.
Finally, should all else fail, there is a report, which includes the encryption status of each object in S3. Of course, you have to read it, but it’s there as an additional tool in the battle against human error.
While the nothing can completely prevent unencrypted data from entering S3 storage, these tools do go a long way toward giving admins the ability to set policy more easily and determine whenever unencrypted information is out there.