Cloud Storage Security is excited to share that customers now have access to Storage Assessment functionality. Designed to enhance data intelligence, Storage Assessment answers questions like “How much data do I have?”, “In what regions is it located?”, “What encryption coverage do I have?” and “How many buckets are open to the public?” by providing the following data points:
Reported Data
- S3 Environment Overview
- Bucket Information
- File Information
- Trends
This information is useful because it provides the detail needed to maintain a secure storage environment.
For example, with AWS’s release of automated server-side encryption, all new objects in Amazon Simple Storage Service are encrypted by default from January 2023 onward. With data points that drill down into each bucket to tell you the percentage of encrypted objects and file age breakdown, Storage Assessment can help you investigate and manage buckets containing unencrypted files older than Jan 2023.
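The check described above can be sketched as follows. This is an added example, not Cloud Storage Security's code: it assumes the data arrives as S3 Inventory CSV rows, and the column order, the 1 January 2023 cutoff, and the sample rows and bucket names are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Assumed column order; a real S3 Inventory CSV has no header row and its
# column order comes from the "fileSchema" entry in the report's manifest.json.
SCHEMA = ["Bucket", "Key", "Size", "LastModifiedDate", "EncryptionStatus"]

# Assumed cutoff for "older than Jan 2023", following the article's wording.
CUTOFF = datetime(2023, 1, 1, tzinfo=timezone.utc)

# Constructed sample rows, not real inventory data.
SAMPLE_INVENTORY = '''\
"example-logs","2022/app.log","2048","2022-03-14T09:21:07.000Z","NOT-SSE"
"example-logs","2023/app.log","4096","2023-02-01T10:00:00.000Z","SSE-S3"
"example-logs","2021/old.log","1024","2021-11-30T23:59:59.000Z","SSE-KMS"
"example-media","img/a.png","9000","2022-12-31T23:59:59.000Z","NOT-SSE"
"example-media","img/b.png","9000","2022-07-04T00:00:00.000Z","NOT-SSE"
'''

def assess(inventory_csv, schema=SCHEMA, cutoff=CUTOFF):
    """Return per-bucket encryption coverage and pre-cutoff unencrypted keys."""
    stats = defaultdict(lambda: {"objects": 0, "encrypted": 0, "legacy_unencrypted": []})
    for row in csv.DictReader(io.StringIO(inventory_csv), fieldnames=schema):
        bucket = stats[row["Bucket"]]
        bucket["objects"] += 1
        modified = datetime.strptime(
            row["LastModifiedDate"], "%Y-%m-%dT%H:%M:%S.%fZ"
        ).replace(tzinfo=timezone.utc)
        if row["EncryptionStatus"] != "NOT-SSE":
            bucket["encrypted"] += 1          # SSE-S3, SSE-KMS or SSE-C
        elif modified < cutoff:
            bucket["legacy_unencrypted"].append(row["Key"])
    for bucket in stats.values():
        bucket["encrypted_pct"] = round(100 * bucket["encrypted"] / bucket["objects"], 1)
    return dict(stats)

if __name__ == "__main__":
    for name, s in sorted(assess(SAMPLE_INVENTORY).items()):
        print(f"{name}: {s['encrypted_pct']}% encrypted, "
              f"{len(s['legacy_unencrypted'])} unencrypted object(s) before cutoff")
        for key in s["legacy_unencrypted"]:
            print(f"  review: s3://{name}/{key}")
```

Object keys in real inventory reports are URL-encoded, so decode them before acting on a flagged object.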
Another notable way in which Storage Assessment helps customers enhance cloud security is by providing a tally of how many public buckets exist by region, making it easy to identify whether the counts are in line with expectations or whether bucket access should be evaluated.
Storage Assessment also quantifies how much data you have within S3, a key data point for estimating scanning throughput, deciding how to scale, and calculating total cost of ownership.
Storage Assessment is accessible under Monitoring in the application’s main menu. Data is filterable by bucket, region, account, and/or date. The time frame for which data is reported on is listed below the filters.
Storage Assessment Report in CSS Console
Pricing Considerations
Storage Assessment manually crawls your buckets, gathering information about file size, last modified date, encryption status, and file type, to provide an initial overview of all of the files you have stored in Amazon S3. After that initial crawl, an S3 Inventory configuration report is leveraged to continue to assess the data.
AWS generates the inventory configuration report once a day. It provides a snapshot of your bucket contents, including file name, size, last modified date, encryption status, storage class, and Intelligent-Tiering access tier, as well as the name of the bucket each file resides in.
Both the crawl and S3 Inventory have minimal charges associated with them:
- The initial crawl will invoke LIST calls to gather all of the objects associated with your S3 buckets. AWS charges $0.005 per thousand list calls and you receive 1,000 objects per list call. This means crawling 1 million objects costs $0.005.
- Storage Assessment generates nightly S3 inventory reports (in the future this will be configurable). AWS charges $0.0025 per million objects listed for an S3 inventory report.
- If you want to calculate the number/percent of objects scanned, this functionality performs GET calls for each object. GET calls cost $0.40 per million objects. The frequency of this calculation is configurable within the Storage Assessment settings.
Getting Started
Cloud Storage Security solutions are deployed using a CloudFormation Template that includes an “Enable Storage Assessment” parameter that can be turned on or off. If the app is installed without Storage Assessment and you want to turn it on later, it can be enabled from within the Console Settings page.
Storage Assessment is enabled by default for existing customers who upgrade the console to the latest release through the standard console upgrade process. To disable this feature at upgrade, manually update the stack and turn the dropdown selection to False.
Learn more about enabling or disabling Storage Assessment in the CSS Help Docs.
Contact us to discuss Storage Assessment further or start a free trial of Antivirus for Amazon S3 or Data Classification for Amazon S3 to access Storage Assessment functionality.