Overview of Security Issues with Amazon S3
Amazon S3 challenges security practitioners to balance the advantages of cloud storage against the necessary caution.
Unfortunately, S3 access control is easy to set up and hard to maintain:
- The access permission scheme based on “policies” is very flexible. At implementation time, the developer knows the rather technical JSON syntax.
- When permissions have to be reviewed, the auditor needs know-how of the specific details of policies written in JSON syntax and of their respective locations in the AWS console.
- Adding to the complexity is access control with ACLs.
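To show what such a review involves, here is an added example (not part of the original talk material) that checks both layers named above, a bucket policy and a bucket ACL, for grants open to everyone. The function names, bucket name, account ID and sample documents are constructed for illustration; the ACL uses the shape of the S3 GetBucketAcl response.

```python
import json

# Predefined S3 group URIs that open an ACL grant to everyone / any AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "anyone"; a specific ARN does not.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def review_policy(policy_json):
    """Return (Sid, scope, actions) for Allow statements open to any principal."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        scope = "conditional" if stmt.get("Condition") else "unconditional"
        findings.append((stmt.get("Sid", f"#{i}"), scope, as_list(stmt.get("Action", []))))
    return findings

def review_acl(acl):
    """Return (group URI, permission) for ACL grants to the predefined public groups."""
    return [(g["Grantee"]["URI"], g["Permission"]) for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GROUPS]

# Constructed sample inputs (hypothetical bucket and account).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    {"Sid": "PartnerWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ_ACP"}]}

if __name__ == "__main__":
    print(review_policy(SAMPLE_POLICY), review_acl(SAMPLE_ACL))
```

A "conditional" finding still needs a human to judge whether the condition really narrows access, and a clean policy says nothing about the ACL, which is why both are checked.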
Dr. Ekkard Schnedermann was trained as a high-energy physicist and moved into computing, where he has been advising banks, enterprises, and the biggest European IT providers on information security for more than 2 decades; he also regularly supports his clients in worldwide SOC1 audits. Ekkard holds certifications as CISSP, CISA, CGEIT, AWS Certified Solution Architect and, of course, the CCSK from CSA.