Amazon Web Services adds warning to publicly-accessible cloud servers

Amazon Web Services has bolstered the encryption and security features on S3, its data storage service, according to a Nov. 6 company blog post by AWS Chief Evangelist Jeff Barr.

On S3, each cloud-based storage unit — called a "bucket" — is protected by an access control list, which enables the user to choose one of three options: keep data private, share it for reading or share it for editing. With "permission checks," one of the new security features on S3, AWS will now display a prominent flag or banner on each S3 bucket that is unprotected and accessible to the public.

In recent months, security experts have discovered a few high-profile data breaches resulting from companies failing to establish permission settings on buckets of personally identifiable information.

In June, a cyber-risk analyst at UpGuard found roughly 14 million Verizon customers' records on an unprotected S3 server. Within the healthcare sector, a team of researchers at Kromtech Security Center discovered the protected health information of an estimated 150,000 Americans using services from Patient Home Monitoring, a HIPAA-covered entity, on a publicly-accessible S3 bucket Sept. 29.

To access the blog post, click here.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars