Misconfigured object storage still causes avoidable data leaks. Use this checklist to find high-impact issues quickly.
Block public ACLs and bucket policies unless explicitly required and approved.
Service identities should only access required buckets/prefixes and actions.
Enable at-rest encryption and verify key-management settings are consistent.
Turn on object access logging and alert on unusual download spikes or cross-region access.
Expire outdated objects and remove old snapshots/backups that no longer need retention.
Pair exposure checks with monthly reporting to catch drift before it becomes a breach.
Run report workflow →