After a rash of cases in which Amazon Web Services customers left important data unprotected on the internet, the company is rolling out some new security features designed to make it easier for customers to protect their data.
The new encryption features for the S3 storage service allow customers to specify that any file entering an S3 “bucket” — the basic unit of storage in S3 — will be encrypted by default, AWS announced Monday evening. Customers will also be able to take advantage of a warning system that will notify them if they make a configuration change that leaves data unprotected, according to a blog post.
There have been multiple high-profile incidents this year in which AWS customers have inadvertently left data unprotected on S3 servers, leading to several privacy breaches and headaches for everyone involved. Just in the last month, data left unprotected on S3 servers by Accenture and Dow Jones led to the exposure of personal information.
Cloud security is a two-way street: AWS can’t really be blamed when its customers fail to encrypt their data using the existing tools, and most customers clear this basic hurdle. But AWS certainly can make the encryption process easier and more straightforward, which appears to be the motivation behind the new features.
S3 users can now also encrypt data by default as it moves between different AWS accounts, and they can set up a reporting system that sends them a detailed picture of which assets on their networks are encrypted. The new features are immediately available and free to use, but they might increase usage of other services depending on how they are configured.
Editor’s note: This post was updated to clarify the nature of the exposed data.