How S3 Buckets Become Public, and the Fastest Way to Find Yours
In What Security Managers Need to Know About Amazon S3 Exposures we mentioned that one of the reasons finding public S3 buckets is so darn difficult is because there are multiple, overlapping mechanisms in place that determine the ultimate amount [...]
Why Everyone Automates in Cloud
If you see me speaking about cloud it’s pretty much guaranteed I’ll eventually say "Cloud security starts with architecture and ends with automation." I’m nothing if not repetitive. This isn’t a quip, it’s based on working heavily in cloud for [...]
(DevSec)Ops vs. Dev(SecOps)
I just got back from the Boston DevOps Days. I really enjoy hanging around DevOps and cloud people. The energy of these conferences is great, and they are genuinely excited about transforming how their organizations build and deploy applications. Many [...]
What Security Managers Need to Know About Amazon S3 Exposures (2/2)
Continuing from "What Security Managers Need to Know About Amazon S3 Exposures (1/2)"... In our first post we discussed how the exposure of S3 data becomes such an issue, and some details on how buckets become public in the first [...]
What Security Managers Need to Know About Amazon S3 Exposures (1/2)
The accidental (or deliberate) exposure of sensitive data on Amazon S3 is one of those deceptively complex issues. On the surface it seems entirely simple to avoid, yet despite wide awareness we see a constant stream of public exposures and [...]