HELLFIRE posted : Brilliantly put Blackbird ![See Profile]()
! Which is basically my running theory (read:guess) for how these "found it an unsecured cloud" stories went.
Consider in the corporate IT world :
- sending files via email -- file size limitations, no attachments, DLP protections on email servers strips off the attachment.
- USB key / HDD -- USB is usually disabled "as a security risk."
- (re)writable CD/DVD -- in the pursuit of "light and portable," an optical drive is omitted, or beancounters declare "an unnecessary expense."
- network file shares -- PITA to get, and needs 7levels of approvals to get an ID for. And if you need admin / root permissions, "FUGGETABUT IT!"
- internet-facing (S)FTP server -- want to watch a security bod's brain explode? Suggest this in this day and age and watch the fireworks.
- Dropbox, etc. - blocked or mangled by the network firewall / web proxy -- I speak from personal experience on this.
With that and those limitations, someone got the bright idea to spin up AWS, etc., throw their stuff up, f**k the security issues / considerations
and run it BAU. It grew / became standard practice with no one watching what was going on, and well... we all know how the story ends.
I fully admit this is all speculation on my part... that's why I'd REALLY like a postmortem as to what happened, so we can all learn from this
and improve.
Regards
! Which is basically my running theory (read:guess) for how these "found it an unsecured cloud" stories went. Consider in the corporate IT world :
- sending files via email -- file size limitations, no attachments, DLP protections on email servers strips off the attachment.
- USB key / HDD -- USB is usually disabled "as a security risk."
- (re)writable CD/DVD -- in the pursuit of "light and portable," an optical drive is omitted, or beancounters declare "an unnecessary expense."
- network file shares -- PITA to get, and needs 7levels of approvals to get an ID for. And if you need admin / root permissions, "FUGGETABUT IT!"
- internet-facing (S)FTP server -- want to watch a security bod's brain explode? Suggest this in this day and age and watch the fireworks.
- Dropbox, etc. - blocked or mangled by the network firewall / web proxy -- I speak from personal experience on this.
With that and those limitations, someone got the bright idea to spin up AWS, etc., throw their stuff up, f**k the security issues / considerations
and run it BAU. It grew / became standard practice with no one watching what was going on, and well... we all know how the story ends.
I fully admit this is all speculation on my part... that's why I'd REALLY like a postmortem as to what happened, so we can all learn from this
and improve.
Regards
