The Woeful Tales of the very Simple Storage Service (S3)

Securing the cloud has been an issue since its inception. Specifically, the easiest targets in the cloud are the multitude of storage solutions deployed by various companies. Amazon S3 was released in 2006 yet there have been more than 26 reported S3 data breaches in the last 4-5 years. Why is cloud storage security so difficult? S3 is not the only service that faces the problem of a lack of understanding of IAM from its users. Google Cloud, Microsoft Azure Storage, and Digital Ocean Spaces all have storage options which can face publicly if the user chooses to do so. 

I got to present about this topic at BSides San Diego and enjoyed the conversations I had. For reference, here are the slides from that talk.