Amazon Web Services has bolstered the encryption and security features on S3, its data storage service, according to a Nov. 6 company blog post by AWS Chief Evangelist Jeff Barr.
On S3, each cloud-based storage unit — called a "bucket" — is protected by an access control list, which enables the user to choose one of three options: keep data private, share it for reading or share it for editing. With "permission checks," one of the new security features on S3, AWS will now display a prominent flag or banner on each S3 bucket that is unprotected and accessible to the public.
In recent months, security experts have discovered a few high-profile data breaches resulting from companies failing to establish permission settings on buckets of personally identifiable information.
In June, a cyber-risk analyst at UpGuard found roughly 14 million Verizon customers' records on an unprotected S3 server. Within the healthcare sector, a team of researchers at Kromtech Security Center discovered the protected health information of an estimated 150,000 Americans using services from Patient Home Monitoring, a HIPAA-covered entity, on a publicly-accessible S3 bucket Sept. 29.
To access the blog post, click here.