Accenture Breach

ClmClm CISSP | CCSP | CCSK | AWS Architect Professional | AWS-Security Speciality | Terraform AssociateMember Posts: 444 ■■■■□□□□□□
I'm currently studying up for cloud and my studies have shown multiple ways of not allowing this to happen.
What are your thoughts? Lack of understanding of the products or human error like equifax







Accenture latest to breach client data due to misconfigured AWS server | Healthcare IT News
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

Comments

  • PhalanxPhalanx I have many leatherbound books... United KingdomMember Posts: 331 ■■■□□□□□□□
    Well, from my own limited knowledge of AWS, buckets aren't public by default (I use them for our cloud backups) when made, so I would say human error here. But as I mention, I have limited knowledge.
    Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
    Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
    Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
    Currently Studying: Microsoft 365 Enterprise Administrator Expert
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,920 Mod
    Correct, you HAVE to make those buckets public, which is what people responsible for them are doing out of either laziness, stupidity, or plain old negligence. No different that "sysadmins" exposing crap to the Internet without applying proper security controls. Time Warner, Dow Jones, Verizon, City of Chicago voting records, military data, and many more have been hit by this.

    There's a very good thread elsewhere here from a month or two ago about abusing the term "Cloud Architect" that pretty much summarizes how we got here.
  • ClmClm CISSP | CCSP | CCSK | AWS Architect Professional | AWS-Security Speciality | Terraform Associate Member Posts: 444 ■■■■□□□□□□
    As always thank you for your input.

    I eventually want to be a Cloud Security Architect. I believe cloud is the future and one of the biggest concerns is the security portion but with most things I have seen at the enterprise level security is always a last thought or some type of add on. I think until they start having " Cloud Architects " who worry about more than just Availability and the throw that Confidentiality and Integrity more breaches will happen.
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,305 Mod
    If I have to name one company that I don't like...it's Accenture. I've had a personal bad experience with their employees world wide (I'm sure they have good ones too), but I had a personal beef with them.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • slinuxuzerslinuxuzer Member Posts: 665 ■■■■□□□□□□
    Deloitte was recently compromised due to a domain controller being accessible over the internet, seems these "Top Tier" firms are having trouble :D
  • jamthatjamthat Member Posts: 303 ■■■□□□□□□□
    Accenture is one of two prestigious 'Emerald'-level partners at the upcoming AWS re:Invent conference. Nice
Sign In or Register to comment.