AWS S3 Buckets without a Bucket Policy are prone to insecure behaviour that does not meet modern security standards
AWS S3 is an internet-accessible data storage service that stores data in data ‘buckets’. These buckets are then primarily secured by Bucket Policies that control multiple aspects of access, security and data management. Your Bucket Policy is the primary configuration tool for safeguarding your data and ensuring that the S3 storage service aligns with your organisation’s functional and security requirements.
Buckets lacking a policy forfeit a significant amount of functionality and security management. Not having a Bucket Policy places you in an inherently insecure position, because nothing then prevents insecure functionality such as unencrypted data uploads.
For most professional organisations a Bucket Policy also provides provable and explicit data and access controls, forming a strong part of your security posture framework and demonstrating auditable compliance. Not having Bucket Policies is a violation of most cybersecurity requirements, including those required by cybersecurity insurance policies. Furthermore, Bucket Policies offer a quantifiable configuration that can be tracked within your cloud, so that any changes to the Bucket Policy can be detected, tracked and alerted on, providing crucial visibility during breaches as well as during investigations.
AWS S3 Buckets should always make use of Bucket Policies, as they provide enhanced security and configuration capabilities as well as establishing verifiable security compliance. This is especially important for insurance or cybersecurity policies, as enforced bucket protection guarantees that your data management aligns with minimum security standards.
Determine what the security requirements of your organisation are and translate these requirements into quantified statements for a standardised AWS S3 Bucket Policy. Once determined, detect which buckets lack an attached Bucket Policy and apply the new policies whilst monitoring any client systems that may lose access.
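One way to carry out the detection and apply steps above with boto3, as an added example that is not SkySiege's tooling. The function names are illustrative, and the baseline policy (deny any request not sent over TLS) is an assumed stand-in for your organisation's standardised policy.

```python
import json


def baseline_policy(bucket):
    """Assumed baseline (not the page's policy): deny requests not sent over TLS."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [arn, f"{arn}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    }


def has_policy(s3, bucket):
    """True if a Bucket Policy is attached; S3 signals absence with NoSuchBucketPolicy."""
    try:
        s3.get_bucket_policy(Bucket=bucket)
        return True
    except Exception as exc:
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchBucketPolicy":
            return False
        raise  # AccessDenied and similar must not be reported as "no policy"


def remediate(s3, apply=False):
    """Return {bucket: policy} for each bucket lacking a policy; attach it if apply=True."""
    plan = {}
    for entry in s3.list_buckets()["Buckets"]:
        name = entry["Name"]
        if not has_policy(s3, name):
            plan[name] = baseline_policy(name)
            if apply:
                s3.put_bucket_policy(Bucket=name, Policy=json.dumps(plan[name]))
    return plan


if __name__ == "__main__":
    import boto3  # requires AWS credentials; this dry run only prints the plan
    print(json.dumps(remediate(boto3.client("s3")), indent=2))
```

Run it as a dry run first and review the listed buckets against known client systems before calling `remediate` with `apply=True`.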
As part of the included service with SkySiege Cloud Assessments, your SkySiege Engineer can help you determine what your Bucket Policy should be and can provide our standardised Bucket Policy alongside a full list of which buckets currently lack a policy.
SkySiege Cloud Security Assessments scan for this issue and provide same-day reports.
Available for individual projects or organisations.