[WEB SECURITY] Re: Security thoughts/concerns with Amazon S3?
Joe White
joe at cyberlocksmith.com
Wed Sep 3 20:15:43 EDT 2008
My apologoes for replying to my own post but preliminary indications
are that one of the most common objections with S3 seems to be the
lack of data auditing offered by Amazon for S3 data. My thought is
that the ability to audit this data more thoroughly may be a big deal
from both a compliance perspective and a data owner requirement.
Also, most folks seem to be encrypting all of the S3 data both at rest
and in transit so from this point of view, isn't it fair to say that
from a data integrity point of view, things *might* be OK?
Finally, is anyone aware of any documentation Amazon may offer on
their data security controls, etc. I am still pretty early in my
research and not clear if this documentation exists already.
thanks,
joe
<<<>>>
On Wed, Sep 3, 2008 at 12:42 PM, Joe White <joe at cyberlocksmith.com> wrote:
>
> I am *very* early into the investigation of Amazon S3 and was hoping to leverage any other thoughts/experience on this service within the list.
> If you are not comfortable sharing your thoughts/experience publicly, please email me directly but either way, I hate to recreate the wheel with my research if someone else has already done it and is willing to share their findings.
> thanks,
> joe
> <<<>>>
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list