On Monday, it was reported by BBC News that nearly 200 million US citizens saw their personal information exposed online via publicly accessible Amazon cloud servers. Personal information, including addresses, phone numbers, and even political views, gathered into a database to establish profiles to be used by Republican political organizations were leaked due to a lack of inherent security protocol.
This latest Amazon Web Services (AWS) related “oops” comes on the heels of another breach when a publicly accessible data cache on Amazon Web Services’ S3 storage service contained highly classified intelligence data. This story, published by Ars Technica, linked the error to a Booz Allen Hamilton engineer and his remote login (SSH) keys and login credentials for a system in the company’s data center—also supposedly “classified.”
These events, while seemingly independent, provide the pattern of a scary trend—trusting that data, including top-secret data, is secure on a public cloud like AWS. AWS infrastructure, unmanaged by design, is easy and inexpensive to provision. The downside is without architecture design guidance, management, and controls in place, data breaches, and hacks, accidental or otherwise, are absolutely bound to happen, as we are witnessing every day. It’s like having a loaded weapon without the safety on, training, or supervision.
Think about it. When information is leaked, used improperly and without permission, people can get hurt. We don’t know when or really why those 200 million people were profiled in a Republican database, but in the wrong hands, an unsuspecting name on a list could become the target of a fanatic, harassment, or discrimination.
And we’re not just fearmongering. Amazon Web Services is undeniably an established leading hyperscale cloud provider, but it’s missing the governance and best of breed practices provided through managed support. When building a complex solution on AWS, architecture guidance, security controls, monitoring, and adherence to strict compliance requirements are paramount to a successful, secure application. The blame cannot rest completely on AWS. Companies should not blindly move to the cloud without the expert guidance and ongoing management of their resources of a trusted and expert advisors.
Managed cloud hosting providers can deliver superior data protection and security as a standout feature as to why to use them on top of AWS infrastructure. Whether hosting on a large or small server array, having a team of cloud hosting experts oversee, manage, and backup your data helps to eliminate the risks associated with the AWS style “set it and forget it” mentality.
As more stories emerge regarding Amazon’s inability to provide the guidance and controls needed to help avoid these kinds of “unpleasant” events, Hostway joins Fast Company’s Douglas Rushkoff in saying, “it is time to break up Amazon” but we’re taking some creative license and saying, it’s time to break up with trusting Amazon to all your security and compliance needs. Put the technology and infrastructure behind your company, but get the enhanced, personal security and 24x7x365 support your data needs with Hostway, the trusted cloud®.