Amazon says customers have to protect own data

Amazon says customers have to protect own data

Protect amazon data

Amazon’s cloud computing customers have to decide themselves how best to protect sensitive information online, a senior executive said on Tuesday, following accusations by U.S. lawmakers that the web giant has not done enough to secure data on its servers.

Amazon Web Services (AWS), the cloud computing arm of Amazon.com, has come under fire following a series of high-profile data breaches, including one this year involving the personal information of 106 million people stored on its servers by Capital One Financial Corp.

Chief Technology Officer Werner Vogels said AWS provided multiple services to help customers identify if their data was being stored appropriately and flag any possible problems, but the decision about which settings to use lay with those clients.

“We feel we have a responsibility in making sure you take the right actions, but in the end it’s only you who can decide what is the right action there and what’s not,” he told Reuters on the sidelines of the Web Summit tech conference in Lisbon.

“I’m not going to look at your data thinking like ‘hey, these are cat videos, maybe you shouldn’t do that’.” He added that customers should use tighter security controls for sensitive data such as credit card information.

Cyber security researchers say data hosted on AWS servers is often accidentally exposed due to mistakes made by the company’s clients configuring their security settings.

The alleged Capital One hacker, for example, was able to access the firm’s data due to a wrongly-configured web application firewall, U.S. prosecutors have said.

Analysts at Gartner predict client mistakes will account for 99 percent of “cloud security failures” over the next six years.
Vogels said the AWS system warned customers with a “massive red button” when they configured online storage containers – known as buckets – to be accessible by anyone online, a setting deliberately chosen for some products and applications.

The company also provides tools which clients can run to analyse the type of data they are storing and spot commonly associated slip-ups, he said.

“If you (change) the configuration on your bucket to world-readable, you will get lots of alarm bells going off,” he said. “It’s up to the individual customer to decide what’s right and what’s wrong.”

Source: Reuters 5 November, Lisbon

Reporting: Jack Stubbs

Copyright Lyonsdown Limited 2021

Top Articles

COO of network security firm indicted for hacking into hospital network

A 45-year-old Chief Operating Officer of network security company in Atlanta, Georgia was indicted this week for launching a cyber attack on Gwinnett Medical Center.

McDonald's data breach: Employee and customer data stolen by hackers

McDonald's suffered a data breach that compromised the personal information of customers in South Korea and Taiwan and business contact information of some US employees.

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]