Knowledge

9/19/2017

Amazon Security Is Not Enough

Using cloud platforms does guarantee that customer deployments on those platforms will be automatically secured. Regardless of how advanced the security of the products is, if a customer leaves login as admin/admin - the entire deployment will be vulnerable. This admin/admin is only one very simple example, and is exactly why Equifax had its major security breach.

Digital Edge not only suggests, but implores companies to implement security frameworks such as ISO 27001, NIST Core or SOC2.

Recently, the resumes of potential, current, and previous employees of the US Department of Defense and the US intelligence community were exposed. Although the documents were presumably under Top Secret security, they were still released; sharing the personal information of about 9,400 people that have credentials including previous government works and jobs they have possessed. Not only did they release personal information, such as addresses and phone numbers of these people, but also some Top-Secret operations they were partook in.

The documents were found on an insecure Amazon S3 bucket that was not password protected. The files have been traced back to TigerSwan- a security firm; which claims the files were safely secure, so the way the documents were breached is still unknown.  This lack of information is dangerous because there could be additional security attacks on the system, exposing even more information.

Amazon has been recently having security issues. A couple of months ago, hackers posed as fake people selling fake products. This was the result of a breach Amazon had earlier. This raises the question of why hasn’t Amazon cleaned up the initial breach and was hasn’t it fixed its third-party cybersecurity. Amazon needs a stronger third-party cybersecurity to prevent these issues especially since it is such a large company. The initial impact might not be too damaging, but so many holes or weak links in the system can overtime destroy the company.

”Amazon has cultivated one of the largest and most impressive third-party ecosystems in the history of global business with more than two million sellers on the site,” Fred Kneip, Chief Executive Officer (CEO) at CyberGRX, "With so many potential weak links, it's no surprise that hackers have found a way to exploit the network for financial gain.”

There were many reported incidents of personal information being hacked and exposed. Amazon’s S3 storage is left unlocked to the public. Amazon, a large company, needs to build a more robust security system. It is becoming too easy for hackers; and with more breaches happening, the idea that Amazon is easy to hack is spreading. Many clients have lost about half of their monthly sales, along with personal information being shared and now resumes being exposed. Who knows how much worse it can get, but unless Amazon closes those holes and mends those weak links, these hacks are going to continue happening.

Digital Edge provides top security to their servers. Working 24/7, we detect any type of faults in our systems instantly, before they even cause a potential threat to breaches. We provide security checks, do penetration testing and supervise our client’s systems to ensure full security. We work hard to maintain our 100% Uptime.  Read some of our tips in identifying hackers and more about Digital Edge’s Security Solution!

If you are in need of immediate Security assistance, please contact the Digital Edge Security Team today!

 

Stacey Petrov
Marketing and PR specialist

Stacey is a student of Media Marketing Management and assists Digital Edge marketing team with PR and content development. Stacey posesses great writing skills as well as knowlegde of technology and Digital Edge operation.

Was this article helpful?