Click here to visit Original posting
When I hear people worrying about cloud security, they’re usually shaking in their boots about some obscure bug beyond their control. Ha! Ordinary, stupid human mistakes are more than bad enough.
For example, Accenture left hundreds of gigabytes of private user and corporate data on four unsecured Amazon Web Services (AWS) S3 cloud servers. The data included passwords and decryption keys. What did you need to dig into this treasure trove? The servers’ web addresses.
That’s all. No user ID, no password, no nothing.
Adding insult to injury, according to Chris Vickery, director of cyber-risk research at security firm UpGuard, Accenture’s revealed data included its AWS Key Management System (KMS) master keys. With those, an attacker could have also taken control of all the company’s encrypted AWS data.
To read this article in full or to leave a comment, please click here