Blog post: Top 10 security best practices for securing data in Amazon S3
In Sept 2023, I co-authored a blog post on the AWS Security blog, Top 10 security best practices for securing data in Amazon S3. Amazon S3 is one of the first and most commonly used services in any AWS account, besides the IAM service, of course. While there are several security features available across the AWS platform, S3 has several additional security features of its own that should be reviewed and potentially implemented based on the level of risk and the data you are storing. Key takeaways:
-- Block public S3 buckets at the organization level
-- Use bucket policies to verify all access granted is restricted and specific
-- Ensure that any identity-based policies don’t use wildcard actions
-- Enable S3 protection in GuardDuty to detect suspicious activities
-- Use Macie to scan for sensitive data outside of designated areas
-- Encrypt your data in S3
-- Protect data in S3 from accidental deletion using S3 Versioning and S3 Object Lock
-- Enable logging for S3 using CloudTrail and S3 server access logging
-- Back up your data in S3
-- Monitor S3 using Security Hub and CloudWatch Logs
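To make takeaways 4 and 5 concrete, here is a small policy linter I wrote for this page (it is not code from the blog post or from AWS). It parses a bucket or identity policy document and flags Allow statements that grant access to everyone (Principal "*"), use wildcard or NotAction actions, or apply to every resource. The two sample policies, the bucket name, the account ID and the role name are all made up for the example; one policy is deliberately permissive, the other is the restricted shape the post recommends.

```python
import json
from typing import Any, Dict, List

# Constructed sample policies for this example (bucket, account and role are fictitious).
PERMISSIVE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Anyone on the internet can read every object: public access.
            "Sid": "AllowAnyoneToRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {   # Specific principal, but a wildcard action grants far more than needed.
            "Sid": "AdminWildcard",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/AppRole"},
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket",
        },
    ],
})

RESTRICTED_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Named role, explicit actions, scoped prefix.
            "Sid": "AppRoleReadWrite",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/AppRole"},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/app-data/*",
        },
        {   # A Deny with Principal "*" only removes access, so it is not flagged.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (both mean 'anyone')."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_policy(policy_json: str) -> List[str]:
    """Return human-readable findings for overly broad Allow statements."""
    policy: Dict[str, Any] = json.loads(policy_json)
    findings: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only tighten access.
        sid = stmt.get("Sid", "<no Sid>")

        if _principal_is_public(stmt.get("Principal")):
            if stmt.get("Condition"):
                findings.append(f"{sid}: Allow to public principal ('*') limited only by Condition; review")
            else:
                findings.append(f"{sid}: Allow to public principal ('*') with no Condition")

        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions: a wildcard in disguise.
            findings.append(f"{sid}: Allow uses NotAction {stmt['NotAction']!r}")
        for action in _as_list(stmt.get("Action")):
            if "*" in action:  # catches "*", "s3:*" and partial wildcards such as "s3:Get*"
                findings.append(f"{sid}: wildcard Action {action!r}")

        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: Allow applies to Resource '*'")
    return findings


if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE_BUCKET_POLICY), ("restricted", RESTRICTED_BUCKET_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```

The same function works on an identity-based policy pulled with `aws iam get-policy-version`, since the statement shape is identical apart from the missing Principal field; in that case the wildcard-action check is the one that matters for takeaway 5. Treat the output as a review queue rather than a verdict: a public principal behind a tight Condition (for example a VPC endpoint or an organization ID) may be intentional, which is why it is reported separately.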
What would you change, add/remove from this list?