This is an old revision of the document!


Bucket Monitoring

Introduction

AWS S3 is an object storage service in the Amazon cloud. S3 allows both users and applications to save and retrieve practically any type of data that can be stored in digital form. S3 data is saved in buckets, which are containers in which data can be stored and retrieved on an as-needed basis. Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure them. Recent studies (https://laminarsecurity.com/blog/new-research-finds-21-of-publicly-facing-cloud-storage-buckets-contain-sensitive-pii-data/) have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed (https://github.com/nagwww/s3-leaks). In Kaduu, you can monitor S3 buckets as well as Azure cloud storage containers for sensitive data related to your keyword.

The main S3 security risks

While S3 is a strong way to store data cost-effectively and at scale, it can also pose risks. Some of the most important S3 risks include:

  1. Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets
  2. Lack of understanding of what data is stored in S3 buckets and whether the protection for that specific data is adequate
  3. Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially create a baseline that they can use for further attacks
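
Risks 1 and 3 above can be checked on your own buckets by reviewing the bucket policy for statements that apply to anonymous principals. The following is an added example, not Kaduu code: the function names and the sample policy are constructed for illustration, and it only evaluates bucket policy JSON (ACLs, Block Public Access settings, and NotPrincipal/NotAction statements are out of scope).

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy: statement 0 allows anonymous read (risk 1),
# statement 1 allows anonymous upload (risk 3), statement 2 is account-scoped.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/uploads/*"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Representative actions per risk class (lowercase; IAM actions are case-insensitive).
READ_ACTIONS = ("s3:getobject", "s3:listbucket")
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject", "s3:putbucketpolicy")


def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match any caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_policy(policy_json):
    """Return one finding per anonymous Allow statement and risk class."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        for risk, actions in (("public-read", READ_ACTIONS),
                              ("public-write", WRITE_ACTIONS)):
            # Action patterns may contain wildcards such as "s3:*" or "s3:Get*".
            if any(fnmatchcase(a, p) for a in actions for p in patterns):
                # A Condition may narrow the grant, so flag it for manual review.
                findings.append({"statement": idx, "risk": risk,
                                 "conditional": "Condition" in stmt})
    return findings
```
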

How to search and monitor cloud storage?

You can enter any keyword like "bank" or "bank switzerland" and Kaduu will monitor for the exact match in public cloud storage on a daily basis. Your monitored keywords are displayed on the dashboard and results can be viewed by clicking the "view" button:

We suggest using the company name rather than the domain (example instead of example.com). But if the company name is too generic, you might end up with more than 5000 results. This is the limit we display per keyword.

How can you see the results?

After clicking on "view" you see the detailed results with the link (2) and the type of cloud storage (1):

bucket_monitoring.1674847296.txt.gz · Last modified: 2023/05/22 20:40 (external edit)