Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.


Cloud misconfigurations expose organizations to significant risk, according to a new analysis of Amazon Web Services (AWS) Simple Storage Service (S3) buckets conducted by Lightspin, a cloud security provider. In-depth research into 40,000 AWS buckets and their cloud storage permissions found that 46% of AWS S3 buckets could be misconfigured and should therefore be considered unsafe, Lightspin said.

s3 misconfigurations are big deal

Above: A diagram that explains how AWS evaluates access and assigns definitions to objects within S3 buckets.

Image Credit: Lightspin

Misconfigured S3 buckets can open your cloud environment up to a huge amount of risk. Public read access could lead to a data breach, while public write access can launch malware or encrypt data to hold your company ransom.

Certain AWS cloud storage permissions are currently complex and even obtuse, as one of the AWS access options is defined as “Objects can be public.” As AWS evaluates the access permissions of all files at the bucket level, rather than the object level, an object’s ACL is not considered. In short, the definition “Objects can be public” doesn’t allow organizations to definitively understand whether their objects are accessible or not. The diagram above can help to visualize which objects would be given this classification.

Lightspin’s research revealed that more than 40% of AWS S3 buckets have this definition attached, on top of the 4% that are defined as public. As part of this research, the company created a free, open source Python tool that scans the cloud environment in full and clarfies which objects are public and which are not.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Read Lightspin’s full research into the risks of misconfigured S3 buckets.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.