My team currently uses the s3cmd command to transfer files from Unix to an S3 bucket. However, our IT has raised security concerns about using the command.

I know AWS s3 is another alternative but wanted to know if it is secure?

Thanks in advance

  • What are your security concerns? IMHO it is all about storing and using access credentials – gusto2 Aug 30 '18 at 07:09
  • There is no such thing as "secure". You need to define a threat model for your attacker, you need to define the value for the attacker of whatever it is that you are protecting, you need to calculate your cost of protecting whatever it is that you are protecting, and then you need to evaluate the triangle of "your cost" vs "the attacker's cost" vs "the attacker's gain", and then, if you conclude that the attacker would have to spend more than he would gain, and you need to spend less than you would lose, *then* you can call it "secure". – Jörg W Mittag Aug 30 '18 at 07:16
  • But, without a threat model, the question of whether something is "secure" is meaningless. "Secure" against *what*? Who is the attacker? What resources do they have? How much time are they willing to spend? Would they be willing to mount an armed assault on your data center? Then you need to think about physical protection. Would they be willing to abduct your sysadmin's daughter? Then you need to think about bodyguards for your key staff and their families. Would they disguise themselves as an immigrant and apply for a job as a janitor in your datacenter? Then you need to run background checks. – Jörg W Mittag Aug 30 '18 at 07:20
  • Do they have access to supercomputers? Can they tap your phones? Are they just script kiddies? And so on, and so forth. Without answers to those questions, all we can do is guess what you mean by "secure" and what your IT means by "security concerns". – Jörg W Mittag Aug 30 '18 at 07:20
  • Have your manager ask the IT department for their preferred alternative. If they don't have one (they probably won't), ask if you can use the AWS CLI (and say that it's maintained by Amazon). Get the answer in writing and save it. – kdgregory Aug 30 '18 at 10:45

2 Answers

Both utilities would call AWS via HTTPS, so data would be equally secure.

Open Source products are often more secure than closed source products because more people have been able to view and improve the code.

John Rotenstein

It depends on what the security concerns are. Are they concerned about data security in transit or that the commands are being phished?

You could have a look at client-side or server-side encryption for your data, if it is not already in place.

AYA
  • We have been notified by the Informatica and Unix teams to discontinue using it ASAP as the package is open source and poses a risk to the Informatica environment. – Anurag Chand Aug 30 '18 at 07:27
  • @AnuragChand Even the original AWS CLI is open source and there's no direct risk in using it. You need to specify what the threats and risks are. – gusto2 Aug 30 '18 at 08:50
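
An added example, not part of any post above and not s3cmd or AWS code: the comments and answers name credential storage, HTTPS and encryption as the points that matter for either tool, so this Python check reads an s3cmd configuration file and reports on exactly those settings. The sample config, the finding codes and the function name `audit_s3cfg` are constructed for illustration.

```python
import configparser
import stat

# Constructed sample ~/.s3cfg; the key values are placeholders, not real credentials.
SAMPLE_S3CFG = """\
[default]
access_key = AKIAEXAMPLEPLACEHOLDER
secret_key = constructed-placeholder-secret
use_https = False
check_ssl_certificate = True
check_ssl_hostname = True
server_side_encryption = False
encrypt = False
"""


def audit_s3cfg(text, file_mode=None):
    """Return (code, message) findings for an s3cmd config passed as text.

    file_mode is the st_mode of the config file, when known. A missing key is
    reported as not enabled instead of assuming s3cmd's built-in default.
    """
    # interpolation=None: secret keys may legitimately contain '%'.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    cfg = parser["default"] if parser.has_section("default") else {}

    def enabled(key):
        return str(cfg.get(key, "")).strip().lower() == "true"

    findings = []
    if not enabled("use_https"):
        findings.append(("plain-http", "use_https is not True: transfers are not protected by TLS"))
    for key in ("check_ssl_certificate", "check_ssl_hostname"):
        if not enabled(key):
            findings.append(("tls-verify-off", f"{key} is not True: server identity is not verified"))
    # Long-lived keys in a file that group/other can access are the main exposure.
    if cfg.get("secret_key") and file_mode is not None:
        if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("secret-exposed", "secret_key is stored in a file other users can access"))
    if not (enabled("server_side_encryption") or enabled("encrypt")):
        findings.append(("no-encryption", "neither server_side_encryption nor encrypt (GPG) is enabled"))
    return findings


if __name__ == "__main__":
    for code, message in audit_s3cfg(SAMPLE_S3CFG, file_mode=0o100644):
        print(f"{code}: {message}")
```

To check a real file, pass its contents and `os.stat(path).st_mode`.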