Positively impacting shareholder value is every CEO’s dream. Negatively impacting shareholder value is every CISO’s nightmare. As more and more data moves to the cloud, additional threat vectors to customer data must be considered, including malware and viruses in Amazon S3. At the 2018 AWS re:Invent Keynote, AWS S3 VP Mai-Lan Tomsen Bukovec acknowledged that “tens of trillions of objects” exceeding “exabytes of storage” are in use on Amazon S3. It is hard to argue that Amazon S3 is not one of the most successful services provided by AWS. AWS places enormous emphasis on ensuring your data is safe. Customers and AWS leverage many native features and security frameworks, including redundancy, bucket permissions, encryption and duplication across regions and availability zones.
The Threat is Hidden
However, the hidden threat to your customers and corporate applications that depend on Amazon S3 is that an attacker can intentionally upload malware, or a legitimate user can unintentionally upload potentially malicious files or objects, to your object storage (Amazon S3). Despite rigid security and bucket permissions, there is an opportunity for malicious actors to upload files containing malware and ultimately serve it to downstream customers. This is the CISO’s nightmare: every subscribed customer receives a virus, trojan, spyware or ransomware from files within Amazon S3 coming from your infrastructure.
We Need to do this Together
Under the AWS “Shared Responsibility Model”, corporations are, simply put, responsible for their customer data. As you look to create applications and services for your customers, you must be sure you are not putting them and your shareholder value at risk. Amazon S3 is a blind spot in your cybersecurity framework.
Because Amazon S3 is object storage, files are not executable within the data store. Because the storage is perceived as innocuous and virtually unlimited, files are blindly uploaded to storage buckets. The next step is for them to be accessed and potentially served to critical corporate applications or ultimately to downstream customers. This blind faith is the hidden risk to every organization providing an “Upload File” button in its customer-facing applications. Minimally, every organization should be scanning its object storage if it is exposed to the external network. Otherwise, you are putting your reputation and shareholder value at risk. There are many obvious use cases that should be inspecting uploads. These include the mortgage industry, the financial community and commercial and residential real estate listing agencies. Each time a service requests an application or file for loan approval, pictures of your home, or your W2, and you browse your desktop files and “upload” them, the requesting application and corporation are at risk from malicious code.
In a more sophisticated attack, nefarious actors can infect your object storage with malware or zero-day code to ultimately impact your consumer base. As an example, a music service provides a requested download to its subscribed customers. The payload could include a virus or malware such as a keylogger or trojan. Every customer subscribed to the service who received or requested the infected file would receive this hidden attack. If this were to occur, the music company would receive a considerable amount of negative press that could ultimately impact its shareholder value. This is the nightmare every CISO fears.
Visibility to the Blind Spot
After looking at the lack of available solutions in the industry and the known threat, a veteran team of cloud and security professionals established Cloud Storage Security. Today, it is possible to inspect files being written to or served from Amazon S3 with industry-leading antivirus and antimalware verdict engines. Cloud Storage Security Antivirus for Amazon S3 will discover Amazon S3 buckets and identify known and suspect malware. It is possible to write, delete or quarantine files based on their risk score. Cloud Storage Security allows for simple deployment leveraging containers, providing real-time or event-based scheduled scanning. From a simple dashboard, buckets can be toggled for scanning, and integration with third-party applications can be enabled.
Cloud Storage Security Antivirus for Amazon S3 will help reduce the risk posture of object storage, give CISOs visibility into their cloud object storage and allow them to focus on other security concerns.