Question: Are there any tools that can help me find misconfigurations in my AWS S3 cloud buckets?
Kurtis Minder, CEO of GroupSense: Yes. There are a number of tools that are available to look for misconfigured or open S3 buckets. Most of these tools are available for free on GitHub. S3-inspector, S3Scanner, and Bucket Finder are a few that will uncover buckets and misconfigurations.
Keep in mind, threat actors can use these tools also. Better to use on yourself before they do. In fact, cybercriminals don't even bother hacking into systems deployed on AWS – there are so many misconfigured S3 buckets out there that they just use these tools to find the screw-ups and steal the data. I saw a stat from Skyhigh Networks that 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted.
This is like shooting fish in a barrel for data thieves, so it is really critical for companies to use these tools to shore up their configurations before they start putting sensitive data into AWS or any other public cloud.
Kurtis Minder is the co-founder and CEO of GroupSense, an enterprise digital risk protection company. He is also a frequent contributor to the start-up community and serves as an advisor and mentor to growing companies. He arrived at GroupSense after more than 20 years in ... View Full Bio