Is that an Amazon problem, or a government admin setting the wrong permissions on AWS problem?
Absolutely the latter. This is similar to how Snowden had access to all the stuff he leaked. He worked at a place that did contract work with the government and was mortified at all he had access to that he should have never been able to see.
There’s a shit ton of articles in the tech space about how companies keep fucking up with stuff like this. No reasonable expectation that the government and their contractors would do any better.
The real problem is Amazon hosting sensitive government files…
It’s pretty common that AWS is doing that, they even have a special GovCloud for them.
These companies are obviously just doing it wrong by having public S3 buckets.
I mean, Amazon isn’t necessarily in the wrong for providing the service. It’s governments trusting a private company, with a history of collecting more data than they should, with sensitive data. It’s just stupid, really, really mind-numbingly stupid.
Yeah, that’s why I mentioned these companies are just doing it wrong. Governments have the same problems as private companies, in that they don’t really want to maintain their own cloud infrastructure, so they’ll use something like AWS.
But for example, they could host their own on-premises HSM and encrypt their GovCloud to a degree that it’s inaccessible to AWS.