by s3buckets 2625 days ago
Funny that you mention Amazon, because open S3 buckets have been implicated in dozens of security breaches.

It's not so much that Amazon is the culpable party in those instances, but so many times have I encountered a headline citing a "massive exposure of protected data" and somewhere in the body of the article, someone had dropped everything into an S3 bucket marked open read for public everyone.

So, is it Amazon's fault? This sort of thing was an FTP server thing, before S3 reduced the hardware infrastructure overhead of setting up and maintaining your own secure FTP server...

But, then again, lowering the technical bar meant letting in more and more non-experts, and naive, or otherwise less competent people. This, of course, broadens market penetration, and increases revenue. So, to add barriers, irritating warnings, nanny-goat advisories, hazard alarms to such a versatile and useful product might seem tantamount to leaving money on the table. After all, the goal of the product is ease of use. And, by the way, how does one solve the problem of bone-headed users?

But, you know, there's the real distinction between an AWS S3 data breach and a Facebook data breach: with S3, you've shot yourself in the foot. Facebook, on the other hand, is pointing a gun at you.