by pm90 1503 days ago
Agreed. Cloud providers’ incentives are aligned with growth, which naturally means easy accessibility; hence all the defaults being generally “open”. It’s so easy to make a resource accessible to anyone, or an IP accessible from anywhere in the cloud, without proper restrictions by internal teams in the company; and often the default is to give teams superadmin to “unblock their time-sensitive project” rather than maintaining the principle of least access, which requires more discipline (and thus effort).

Either cloud providers need to assume more responsibility for security, or a federal agency like the FBI or NIST needs to be more proactively engaged in improving the security posture of cloud-hosted US corps.

1 comments

> Cloud providers’ incentives are aligned with growth, which naturally means easy accessibility; hence all the defaults being generally “open”

So no different from every VC-funded startup (or startup seeking VC funding) then?

The sentiment of imposing tighter regulations around data security feels counter to the general idea that the lack of regulations around data security (e.g. strong data protection laws) is what allows the US tech industry to dominate compared to its EU equivalents.

I'm not disagreeing with this, I'm just pointing out the contradiction and wondering how those who believe the latter would reconcile that belief with demanding the former.

It’s quite simple. Doing the right thing has short-term costs and long-term benefits.