
Amazon Says it is Your Responsibility

As Congress is investigating Amazon in light of the Capital One breach, Werner Vogels, Amazon’s Chief Technology Officer, says that Amazon provides a number of ways for customers to manage the security of their Amazon environments, but that ultimately it is the customer’s responsibility both to understand their environment and to protect it.

“We feel we have a responsibility in making sure you take the right actions, but in the end it’s only you who can decide what is the right action there and what’s not,” he told Reuters on the sidelines of the Web Summit tech conference in Lisbon.

Breaches related to Amazon are almost always caused by users not setting permissions correctly.  While Amazon is currently in the spotlight, the story is the same whether it is Amazon or Azure or Google or any other cloud provider.

Gartner says that client mistakes will account for 99% of all cloud “failures” (AKA breaches) over the next 6 years.  I am not sure what they think will happen in 7 years, but maybe they are hoping.

Amazon even warns customers with a “big red button” when they make their cloud storage containers publicly visible, yet people still do it.

Amazon provides tools to manage permissions, but the process is complex because the permissions are layered and the services interact with each other in odd ways.  That is part of what happened with Capital One.

Do you know all of the tools that your cloud provider offers to manage your permissions?

How often do you review those permissions?

Do you run periodic penetration tests on your cloud environment?

What are you doing to stay out of the news?

Source: Reuters