Do you lie awake worrying about your buckets? No, not the ones you use to wash your car.
We’re talking about your organization’s cloud storage buckets, where malicious files could be lurking if not properly protected.
Cloud storage buckets are similar to file folders storing your important data. However, rather than file folders on a local server, this data lives in a public cloud storage resource. Examples of cloud storage services would be Amazon Simple Storage Service (Amazon S3), Microsoft® Azure Blob storage, and Google Cloud Storage™.
All too often, we hear stories of cloud storage services left insecure or unencrypted. These instances leave terabytes of sensitive data open for the whole world to download, or infected with viruses and malware. As more organizations move their applications to the cloud, this form of storage introduces a new attack vector that’s vulnerable to malicious files and requires its own security layer.
How to Keep Your Cloud Storage Data Protected
Securing cloud-native development, runtime environments, and applications introduces new challenges for security engineers and architects.
Trend Micro Cloud One™ – File Storage Security is built entirely using AWS resources (AWS Lambda, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS)). When a user uploads or adds an object/file to an Amazon S3 bucket that has been defined as a “scanning bucket”, a malware scan is initiated. Once the scan is complete, three tags will be generated on the object/file: Scan Date, Scan Results (clean or malicious), and Scanned (true or false).
Custom plugins or Lambda functions can be created to deal with objects/files that receive certain tags. For example, you can create a function to move objects/files tagged as “malicious” to a quarantine bucket so no one can open or access that object/file, or if the object/file is “clean”, move it to a promote bucket so it can be accessed. Support for Microsoft Azure Blob and Google Cloud Storage is coming soon.
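As an illustration of the post-scan function described above, here is an added example (not Trend Micro's code) of the routing logic such a Lambda function could call once it knows the bucket and key of a scanned object. The tag keys, bucket names and the in-memory `FakeS3` stand-in are assumptions made for this sketch; the page gives only the tag display names, so substitute the keys the scanner actually writes.

```python
# Added example: tag keys and bucket names below are assumed placeholders.
SCANNED_TAG = "scanned"                    # assumed key for the "Scanned" tag
RESULT_TAG = "scan-result"                 # assumed key for the "Scan Results" tag
QUARANTINE_BUCKET = "example-quarantine"   # hypothetical bucket name
PROMOTE_BUCKET = "example-promote"         # hypothetical bucket name


def decide(tags):
    """Return 'promote', 'quarantine' or 'hold' for a dict of object tags."""
    if tags.get(SCANNED_TAG, "").lower() != "true":
        return "hold"                      # not scanned yet: never promote
    result = tags.get(RESULT_TAG, "").lower()
    if result == "clean":
        return "promote"
    if result == "malicious":
        return "quarantine"
    return "hold"                          # missing or unknown result: fail closed


def route_object(s3, bucket, key):
    """Move one object according to its scan tags; s3 is a boto3 S3 client."""
    tag_set = s3.get_object_tagging(Bucket=bucket, Key=key)["TagSet"]
    action = decide({t["Key"]: t["Value"] for t in tag_set})
    if action == "hold":
        return action
    dest = PROMOTE_BUCKET if action == "promote" else QUARANTINE_BUCKET
    # Copy first and delete only after the copy succeeded, so an error
    # part-way through never loses the object.
    s3.copy_object(Bucket=dest, Key=key,
                   CopySource={"Bucket": bucket, "Key": key})
    s3.delete_object(Bucket=bucket, Key=key)
    return action


class FakeS3:
    """In-memory stand-in for the S3 client (constructed for this example)."""
    def __init__(self, objects):
        self.objects = objects             # {(bucket, key): {tag: value}}

    def get_object_tagging(self, Bucket, Key):
        tags = self.objects[(Bucket, Key)]
        return {"TagSet": [{"Key": k, "Value": v} for k, v in tags.items()]}

    def copy_object(self, Bucket, Key, CopySource):
        src = (CopySource["Bucket"], CopySource["Key"])
        self.objects[(Bucket, Key)] = self.objects[src]

    def delete_object(self, Bucket, Key):
        del self.objects[(Bucket, Key)]
```

Objects that are untagged, not yet scanned, or carry an unrecognized result stay where they are, so nothing reaches the promote bucket without an explicit “clean” verdict.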