clearpoint.digital
Misconfigured, exposed, forgotten: why S3 is still a problem in 2025
Excerpt
Ava Czechowska, Principal Cloud Engineer at ClearPoint, explains why, even in 2025, Amazon Web Services (AWS) S3 buckets are still a high-risk area.

…

Despite significant advancements in cloud security, Amazon S3 buckets continue to be a common initial access vector for adversaries. Even in 2025, with all the new features and best practices, misconfigurations, forgotten buckets, and an evolving threat landscape mean S3 remains a critical challenge.

ClearPoint partners with AWS and other cloud solutions to provide end-to-end support in migrating, modernising, implementing and managing your cloud infrastructure.

…

The Datadog 2024 State of Cloud Security Report states that, as of their analysis, 1.48% of AWS S3 buckets were "effectively public," similar to the 1.5% figure from 2023. While they note increasing adoption of public access blocks, this persistent percentage indicates that misconfigurations are still a factor.

Another point from the same report highlights the risks posed by long-lived cloud credentials. Such credentials never expire and frequently get leaked in source code, container images, build logs, and application artifacts. The report cites earlier research showing that **long-lived credentials are the most common cause of publicly documented cloud security breaches**.

The Fortinet 2025 Global Threat Landscape Report mentions that "cloud environments remain a top target, with adversaries exploiting persistent weaknesses, such as open storage buckets, over-permissioned identities, and misconfigured services," and that "open storage buckets and over-permissioned identities continue to be leading vectors of attack." Fortinet's 2025 State of Cloud Security Report recognises configuration and misconfiguration management as the third most important operational challenge in cloud security, noting that it has already led to numerous high-profile breaches.

…

#### Why do S3 misconfigurations still happen?

As CrowdStrike's "Insider's Playbook: Defending Against Cloud Threats" explains, a cloud misconfiguration is "a poorly chosen, incorrect or absent security setting that exposes the cloud environment to risk." The playbook highlights that because cloud architectures are so complex, real-time detection of such misconfigurations is difficult. Other points mentioned in the playbook are:

- **Speed over Security:** The rapid pace of modern development often encourages engineers to "quickly push projects to production." This velocity can inadvertently sideline security considerations, leading to overlooked configurations.
- **Shadow Cloud Environments:** The ease of spinning up cloud resources can lead to "shadow cloud environments", that is, resources deployed without proper oversight or security controls, creating blind spots for security teams.
- **Siloed Security Tools:** "Today's cloud security tools are very bespoke, forcing organisations to build their cloud security programs on siloed point products." This fragmented approach makes it difficult to get a holistic view of security posture and can lead to gaps.

…

- **Automated Security Defaults:** As of April 2023, newly created S3 buckets automatically enable S3 Block Public Access and disable Access Control Lists (ACLs). This means public access is blocked by default, and access is controlled primarily through more robust IAM policies.
- **Default Encryption for New Objects:** Since January 2023, Amazon S3 automatically applies server-side encryption with Amazon S3 managed keys (SSE-S3) to every new object uploaded, unless a different encryption option is specified.

…

- **S3 Object Lock:** This feature supports a write-once, read-many (WORM) model, preventing objects from being overwritten or deleted for a specified period or indefinitely. This is vital for compliance and ransomware protection.
- **Amazon S3 Metadata (Preview, July 2025):** This feature provides comprehensive visibility into all objects in S3 buckets through live inventory and journal tables. It allows SQL-based analysis of both existing and new objects with automatic updates, greatly aiding security audits and compliance.

…

- **Embracing Automation:** Leveraging AWS's new default security settings and automating security checks.
- **Strengthening Identity and Access Management:** Implementing least-privilege principles and regularly reviewing IAM policies.
- **Gaining Centralised Visibility:** Overcoming siloed tools by adopting solutions that provide a unified view of your cloud security posture.
- **Fostering Collaboration:** Breaking down barriers between DevOps and security teams to embed security throughout the development lifecycle.
- **Continuous Monitoring and Threat Detection:** Investing in robust threat detection capabilities to identify and respond to incidents swiftly, addressing the "Insufficient Threat Detection" challenge head-on.
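The "automating security checks" recommendation above can be put into practice with a posture check that compares each bucket with the 2023 defaults (Block Public Access on, ACLs disabled via BucketOwnerEnforced, default server-side encryption) plus Object Lock. The following is an added example, not ClearPoint's or AWS's code; it runs offline and assumes its inputs have the shape of the boto3 S3 client responses named in the docstring, with the two sample buckets constructed for illustration.

```python
from typing import Any, Optional
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def get_in(d: Any, *path: str) -> Any:
    """Walk nested dict keys; return None if any level is missing (setting absent)."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return None
        d = d[key]
    return d

def assess_bucket(name: str, bpa: Optional[dict], ownership: Optional[dict],
                  encryption: Optional[dict], object_lock: Optional[dict]) -> list:
    """Compare one bucket's settings with the post-2023 defaults and return findings.
    Each argument is the dict returned by the matching boto3 S3 call (get_public_access_block,
    get_bucket_ownership_controls, get_bucket_encryption, get_object_lock_configuration),
    or None when that call raised because the setting was never configured."""
    findings = []
    cfg = get_in(bpa, "PublicAccessBlockConfiguration") or {}
    for flag in BPA_FLAGS:
        if not cfg.get(flag):
            findings.append(f"{name}: Block Public Access flag {flag} is off")
    rules = get_in(ownership, "OwnershipControls", "Rules") or []
    if not any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in rules):
        findings.append(f"{name}: ACLs still active (ObjectOwnership is not BucketOwnerEnforced)")
    enc_rules = get_in(encryption, "ServerSideEncryptionConfiguration", "Rules") or []
    algos = {get_in(r, "ApplyServerSideEncryptionByDefault", "SSEAlgorithm") for r in enc_rules}
    if not algos & {"AES256", "aws:kms", "aws:kms:dsse"}:
        findings.append(f"{name}: no default server-side encryption rule")
    if get_in(object_lock, "ObjectLockConfiguration", "ObjectLockEnabled") != "Enabled":
        findings.append(f"{name}: Object Lock not enabled (no WORM protection)")
    return findings

# Constructed sample responses (not captured from AWS): a forgotten pre-2023 test bucket ...
LEGACY = dict(
    name="legacy-test-bucket",
    bpa={"PublicAccessBlockConfiguration": {flag: False for flag in BPA_FLAGS}},
    ownership={"OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}},
    encryption=None,   # get_bucket_encryption raised: no default encryption rule
    object_lock=None,  # get_object_lock_configuration raised: never enabled
)
# ... and one that meets the hardened baseline, with Object Lock added on top of the defaults.
HARDENED = dict(
    name="hardened-bucket",
    bpa={"PublicAccessBlockConfiguration": {flag: True for flag in BPA_FLAGS}},
    ownership={"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}},
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    object_lock={"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
)
```

Running `assess_bucket(**LEGACY)` lists every gap on the forgotten bucket, while the hardened bucket returns no findings; in a real account, feed the function the live responses for each bucket from `list_buckets` and alert on any non-empty result.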
#### Related Pain Points

- **Public bucket misconfigurations left behind after testing:** Developers frequently leave S3 buckets public 'for testing' and forget to secure them, creating ongoing security vulnerabilities. Misconfiguration remains the third most important operational challenge in cloud security.
- **Hardcoded secrets in Docker images and layers:** Developers frequently expose sensitive credentials (passwords, API keys) by hardcoding them directly into Dockerfiles via ENV or ARG instructions or copying them into image layers. Once committed, these secrets persist in image history and create high-risk security vulnerabilities.
- **Siloed security tools prevent unified S3 security visibility:** Organisations use fragmented point-product security tools for S3, making it difficult to gain a holistic view of security posture and creating gaps in coverage.