CloudCheckr Blog

Summer Storms, Cloud Service Disruptions, and the Lessons Learned

July 6th, 2012

Recent storms in the Virginia-DC area resulted in a temporary outage of AWS service. Evidently, a lightning storm and failed back-up generator caused a service disruption. This, in turn, brought coverage that questioned the use of the cloud (see, e.g., AWS Outage). The general narrative is that this problem illustrated the risks of using the cloud. The conventional interpretation is that the outage illustrated the problems with outsourcing, the problems with using a vendor, and the problems that surround relinquishing complete control. That narrative focuses on the service disruptions and is completely wrong. The simple reality is that natural […]

FedRAMP and 3PAOs

May 30th, 2012

The list of accredited 3PAOs for the FedRAMP program has been released. What is FedRAMP? “The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” What are the goals of FedRAMP? “Accelerate the adoption of secure cloud solutions through reuse of assessments and authorizations. Increase confidence in security of cloud solutions. Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for Cloud product approval in or outside of FedRAMP. Ensure consistent application […]

AWS S3 Buckets & Bucket Finder

May 23rd, 2012

In our previous post, we mentioned that we received an email from Amazon Web Services warning us that “some tools and scripts have emerged which scan services like Amazon S3 to identify publicly accessible buckets.” The threat posed by inadvertent exposure of sensitive files is not a new concept. Corporate network security experts have long recognized the security risks embedded in uploading files. However, users mistakenly believe that the sheer quantity of uploaded files renders their own files virtually invisible. They believe no one will spend the time necessary to sort through the files. Consequently, users become less vigilant in […]

WRITE permissions granted to Everyone on a bucket

May 3rd, 2012

A few days ago, we at CloudCheckr Inc. received an email from Amazon about our AWS account. The purpose of the email was to let us know that one of our buckets in S3 had “WRITE” and “WRITE ACP” granted to everyone (you can read the actual email below). These permissions were set intentionally because we are running and conducting tests of our own cloud auditing tool. But it got me thinking about a few security issues. What is the danger of using “WRITE ACP” or “WRITE” on a bucket? If you’re using these permissions, an attacker has the […]
