Insights
/
feb 16, 2025
Using AWS Doesn’t Make You Secure
Cloud platforms like AWS are powerful, but misconfigurations can expose sensitive data. Learn how cloud security mistakes lead to breaches.
/
AUTHOR
SolveCyber
Many organisations assume that moving to the cloud automatically improves their security. Platforms like Amazon Web Services provide strong infrastructure and built-in security controls, but that does not mean your environment is automatically secure.
Cloud providers operate under a shared responsibility model. AWS secures the underlying infrastructure, but customers are responsible for how their services are configured.
If those configurations are wrong, sensitive data can easily be exposed to the internet.
A Common Cloud Security Mistake
One of the most common examples involves Amazon S3, a cloud storage service widely used for storing files, backups, and application data.
When configured correctly, S3 is secure. But if permissions are misconfigured, the contents of a storage bucket can become publicly accessible.
This type of mistake has caused numerous real-world data breaches.
The Nine Newspapers Data Exposure
In 2021, around 16,000 customer records belonging to Nine Newspapers were exposed through a misconfigured S3 bucket.
The data related to subscribers of The Sydney Morning Herald, The Age, and The Australian Financial Review.
The exposed information reportedly included customer names, email addresses, and home addresses.
This was not caused by a sophisticated attack. The storage bucket had simply been configured in a way that allowed public access.
Why These Mistakes Happen
AWS actually provides warnings when someone tries to make a storage bucket public through its management console.
However, many environments are deployed using automation or configuration scripts. If insecure settings are copied from online forums, documentation, or generated code, those warnings may never appear.
In some cases, poorly configured buckets can even allow anyone on the internet to upload or modify files, creating serious security risks.
Why Security Assessments Matter
Cloud environments can be complex, and configuration mistakes are easy to miss.
A security assessment or penetration test can identify misconfigured cloud services, exposed storage buckets, and excessive permissions before attackers find them.
Using cloud platforms like AWS provides a strong foundation, but security ultimately depends on how those services are configured and managed.
