Earlier this week, I was catching up with CloudCheckr for a preliminary briefing on my upcoming Cloud Services Management research coming out in December. This market, in general, is important to Amalgam’s coverage because the largest cloud infrastructure companies are growing over 50% per year, yet the majority of these services are not being managed or tracked from either a financial or governance perspective on a regular basis.
(Sneak peek: CloudCheckr’s combination of cost management, security management, and price ends up being a key reason that CloudCheckr has quickly grown to over 120 employees.)
During our conversation, Product Marketing Manager Todd Bernhard showed Amalgam an interesting tool for checking if Amazon Web Services S3 buckets are publicly accessible.
Why S3 Accessibility Matters
For those of you who were on vacation, misconfigured and publicly accessible AWS S3 buckets have been in the news this summer for revealing the personal information and account PINs of 14 million Verizon customers, as well as voting information owned by the Republican National Committee that exposed the information of nearly 200 million United States voters. The cloud was designed for rapid growth, scale, and access, but enterprise-level governance requires additional vigilance.
To provide a quick, free, and easy-to-use way to check if your S3 bucket is publicly accessible, CloudCheckr created a tool at S3checkr.com that will check this for you.
Amalgam recommends that companies that have spun up S3 buckets and don’t have a formal governance or management strategy for managing these buckets on an ongoing basis quickly check up on them with this tool.
In addition, Amalgam believes that any company with over $100K a month in cloud computing spend should consider a formal cloud services management solution to gain two major benefits:
1) Govern all cloud resources and services with a consistent set of enterprise policies
2) Optimize and rationalize the 30+% of spend currently going to unnecessary overages, disconnected and zero-usage instances, and obsolete or outdated services.