Skip to comments.
Pentagon puts $10B cloud computing contract on hold after Trump swipe at Amazon
Politico ^
| 08/01/2019
| By JACQUELINE FELDSCHER
Posted on 08/01/2019 2:27:53 PM PDT by SeekAndFind
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-22 next last
To: SeekAndFind
Winning.
(Never gets old, does it?)
To: SeekAndFind
Capital One just had a massive data breach involving 100m customer records. Its cloud provider? Amazon Web Services. The perp? A former Amazon Web Services employee.
3
posted on
08/01/2019 2:32:21 PM PDT
by
Zhang Fei
(My dad had a Delta 88. That was a car. It was like driving your living room.)
To: SeekAndFind
I work in cyber security and when I tell people that cloud means someone else owns the server and the data center, I get a lot of confused looks. Cloud is inherently less secure than owning your own server and data center because, you have less control over the access.
Can the solution be designed to accommodate that reduced control, yes. In fact, the design has to work even if you have little to no control over the hardware. Thus there is a greater need for monitoring, testing and protection services.
4
posted on
08/01/2019 2:36:03 PM PDT
by
taxcontrol
(Stupid should hurt - dad's wisdom)
To: taxcontrol
I think using cloud is a very bad idea.
5
posted on
08/01/2019 2:39:09 PM PDT
by
DarthVader
(Not by speeches & majority decisions will the great issues of the day be decided but by Blood & Iron)
To: SeekAndFind
Well, when an internal Amazon administrator for AWS is responsible for the Capital One breach, there SHOULD be a concern.
To be fair, the AWS S3 admin took advantage of apparent router misconfigurations that others could have, as well, but its very suspicious he(she) was the sole one to do this.
6
posted on
08/01/2019 2:39:59 PM PDT
by
ConservativeMind
(Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)
To: Zhang Fei
To: Zhang Fei
That was a very likely reason why DoD stopped its award to AWS.
8
posted on
08/01/2019 2:51:18 PM PDT
by
RayChuang88
(FairTax: America's Economic Cure)
To: DarthVader
I think using cloud is a very bad idea.”
I agree the military using cloud based storage is a very bad idea.
9
posted on
08/01/2019 2:53:05 PM PDT
by
gibsonguy
To: SeekAndFind
Pentagon weenie: Yeah, let’s put it ALL on the cloud. What could go wrong?
10
posted on
08/01/2019 3:03:45 PM PDT
by
Sergio
(An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)
To: DarthVader
I think using cloud is a very bad idea.Probably three or four dozen merchants and services you use every day run in the cloud.
To: Sergio
Read to the last line of the excerpt:
"...more than 500 clouds used by different parts of the military today."It all moved to cloud storage a long time ago. Might have been a blend of private cloud and public cloud.
To: taxcontrol
Cloud is inherently less secure than owning your own server and data center because, you have less control over the access.
Even if not 'on the cloud', you can be hacked. If your computer or server connects at all to the internet or other computers, your data is at risk. That was the case before "the cloud" became popular and highly used, and it's still the case now, except that with "the cloud", your data is at higher risk.
13
posted on
08/01/2019 3:09:45 PM PDT
by
adorno
To: ConservativeMind
“Well, when an internal Amazon administrator for AWS is responsible for the Capital One breach, there SHOULD be a concern.”
Worse. It was an Ex-Amazon AWS admin who breached an AWS customer’s security. Indicates very poor Systems architecture, management and security practices. Disabling all Admin accounts and resetting externally accessible administrative accounts is a 0-day activity when someone leaves a contract.
Even if C1’s data was downloaded when ‘it’ was still employed at AWS it means personal, external storage devices are permitted on the AWS management network. Bad, bad, bad.
14
posted on
08/01/2019 3:15:52 PM PDT
by
Justa
To: Zhang Fei
The perp is also a transgender woman — or a man who claims to be a woman.
To: RayChuang88
It’s a Pollutico article. My guess is that the decision did not have ANYTHING to do with Trump’s tweet, but put on hold for another reason.
16
posted on
08/01/2019 4:06:03 PM PDT
by
salmon76
(Socialism has a perfect track record. It wrecks nations' economies 100% of the time.)
To: Responsibility2nd
Nope, it doesn’t, especially now that the obligatory appointments are mostly gone, and we have people in office who Trump truly approves of, and who truly love America. The winning only gets sweeter, and if God wills, it will be sweeter still if God has mercy on America one more time in November 2020.
To: DarthVader
Yup. None of the above. No cloud.
18
posted on
08/01/2019 4:33:09 PM PDT
by
Revel
To: Justa
The ex-employee had been gone from Amazon for 3 years before the hack and no longer had an account/access to AWS systems. The exploit was through Capital One's firewall, their fault for misconfiguring it. External storage devices are not allowed on the AWS management network.
That said, the best way to keep your data secure is in your own network, IF you have the right people to secure it. I've worked as a contractor for the government. The government employees I encountered were not the right people to secure government networks. That might be different elsewhere, but not where I was.
19
posted on
08/01/2019 4:52:34 PM PDT
by
grateful
To: SeekAndFind
20
posted on
08/01/2019 7:36:41 PM PDT
by
SuperLuminal
(Where is Sam Adams now that we desperately need him)
Navigation: use the links below to view more comments.
first 1-20, 21-22 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson