Our predictions came true — Data exposed via AWS S3 Buckets

Netskope

In re-examining our own predictions of what would impact cloud security in 2017, several came into full effect this year. One of the trends Netskope CEO, Sanjay Beri, predicted was what he described as the “People Problem.” The idea that many data breaches and threats are caused by unintentional activities by insiders and IT teams, resulting in efforts to educate organizations of these issues and to employ more advanced policies that limit or allow specific behaviors within cloud services.

Did this come true?

Well, as 14 Million Verizon customers have recently experienced along with 160 Million US voters, unintentional Amazon S3 data breaches have been associated with some of the most severe data security crises of 2017. Millions of private records and sensitive data has been exposed on unsecured Amazon S3 buckets this year. Despite all the attention that unsecured Amazon S3 buckets have gotten lately as a cause of data leaks, companies continue to leave data exposed online. These misconfigured S3 buckets are often the result of innocent oversights, “People Problems,” that can be checked by access control and anomaly detection.

In the case of Verizon, millions of customers had their personal data exposed because a third-party contractor did not prevent external access to an Amazon S3 server. Many data leaks trace back to common errors when it comes to setting up access controls for AWS S3 buckets.

Unintentional data exposures via AWS S3 buckets raise a very practical problem that organizations are facing, which is how to secure data in the cloud. With Netskope, the leader in Cloud Security and highest-ranked CASB, you can secure all of the cloud services in your environment including the data in your S3 buckets.

For those of you heading to AWS re:Invent stop by and chat with our cloud security experts at booth #1703 to see how Netskope works. We couldn’t be more excited to participate in one of the year’s largest cloud conferences and support AWS. See you there!