Blog   |   Automation   |   October 29, 2018

Change Your Clocks and Smoke Alarm Batteries, and Check Your Cloud Storage Permissions

Ah, it’s that time of year again. Time to set your clocks back for Daylight Saving, change the batteries in your smoke detectors, and– if you’re smart — check your S3 Buckets and Azure Blob Containers to see if they’re wide open to the public. It’s true that CloudCheckr offers 550+ Best Practice Checks, many dedicated to security, and several specifically for S3 Buckets and Azure Blob containers. But because of recent security breaches in the news, we created S3Checkr and BlobCheckr, two additional, free tools that let you check the public permissions on your cloud storage, without having to be a CloudCheckr customer.

The idea behind Daylight Saving Time (DST) is to maximize daylight. Before electric lights, when society was more agrarian, this was a big deal. It may be less important now, but it remains in effect in most US states and countries.

Recently, firefighters (and battery companies) have jumped on the occasion of DST to remind people to change the batteries in their smoke detectors. This is a good idea, and much better than being woken up at night because the battery is dying, or worse, missing out on that beeping perhaps because you’re out of town and then not knowing that your batteries have died.

…And that brings us to another safety hazard you can prevent.

Did you hear about that S3 breach? Actually, there have been several highly publicized S3 Breaches in the past year or so. Confidential info from a GOP data firm, Verizon, WWE, and Dow Jones. All of these breaches could have been prevented.

Amazon has taken a lot of heat for this, but to be fair to them, you really have to go out of your way to make an S3 bucket public. The default configuration is private. Admins opened up permissions on storage volumes where they then put sensitive data, and neglected to close them again. It’s a bit like unlocking your door on your way out of your house. It doesn’t matter how secure the lock is if you leave the door itself wide open.

CloudCheckr offers S3Checkr and BlobCheckr, two free tools to find AWS S3 Buckets and Azure Blob Containers that can be accessed by the public. Following on the heels of the Deloitte breach of their Azure cloud, it is clear that such a hack can happen to anyone, even if you have a strong cybersecurity team. But with CloudCheckr, you can see if your storage is accessible to the public thanks to our numerous Best Practice Checks. We have made these tools free even if you are not a CloudCheckr customer, so we can all help ensure the security of the cloud.

Todd Bernhard headshot
About the Author

Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.