Options

Accenture Breach

ClmClm Member Posts: 444 ■■■■□□□□□□
in Off-Topic
I'm currently studying up for cloud and my studies have shown multiple ways of not allowing this to happen.
What are your thoughts? Lack of understanding of the products or human error like equifax







Accenture latest to breach client data due to misconfigured AWS server | Healthcare IT News
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

· Share on FacebookShare on Twitter

Comments

  • Options
    PhalanxPhalanx Member Posts: 331 ■■■□□□□□□□
    Well, from my own limited knowledge of AWS, buckets aren't public by default (I use them for our cloud backups) when made, so I would say human error here. But as I mention, I have limited knowledge.
    Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
    Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
    Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
    Currently Studying: Microsoft 365 Enterprise Administrator Expert
    · Share on FacebookShare on Twitter
  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Correct, you HAVE to make those buckets public, which is what people responsible for them are doing out of either laziness, stupidity, or plain old negligence. No different that "sysadmins" exposing crap to the Internet without applying proper security controls. Time Warner, Dow Jones, Verizon, City of Chicago voting records, military data, and many more have been hit by this.

    There's a very good thread elsewhere here from a month or two ago about abusing the term "Cloud Architect" that pretty much summarizes how we got here.
    · Share on FacebookShare on Twitter
  • Options
    ClmClm Member Posts: 444 ■■■■□□□□□□
    As always thank you for your input.

    I eventually want to be a Cloud Security Architect. I believe cloud is the future and one of the biggest concerns is the security portion but with most things I have seen at the enterprise level security is always a last thought or some type of add on. I think until they start having " Cloud Architects " who worry about more than just Availability and the throw that Confidentiality and Integrity more breaches will happen.
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

    · Share on FacebookShare on Twitter
  • Options
    UnixGuyUnixGuy Mod Posts: 4,565 Mod
    If I have to name one company that I don't like...it's Accenture. I've had a personal bad experience with their employees world wide (I'm sure they have good ones too), but I had a personal beef with them.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

    · Share on FacebookShare on Twitter
  • Options
    slinuxuzerslinuxuzer Member Posts: 665 ■■■■□□□□□□
    Deloitte was recently compromised due to a domain controller being accessible over the internet, seems these "Top Tier" firms are having trouble :D
    · Share on FacebookShare on Twitter
  • Options
    jamthatjamthat Member Posts: 304 ■■■□□□□□□□
    Accenture is one of two prestigious 'Emerald'-level partners at the upcoming AWS re:Invent conference. Nice
    · Share on FacebookShare on Twitter
Sign In or Register to comment.