From cat videos to credit cards, Amazon says customers have to secure own data

US lawmakers accuse web giant for not doing enough to secure data on its servers

PHOTO: AFP

LISBON:
Amazon’s cloud computing customers have to decide themselves how best to protect sensitive information online, a senior executive said on Tuesday, following accusations by US lawmakers that the web giant has not done enough to secure data on its servers.

Amazon Web Services (AWS), the cloud computing arm of Amazon, has come under fire following a series of high-profile data breaches, including one this year involving the personal information of 106 million people stored on its servers by Capital One Financial Corp.

Chief Technology Officer Werner Vogels said AWS provided multiple services to help customers identify if their data was being stored appropriately and flag any possible problems, but the decision about which settings to use lay with those clients.

Amazon to phase out single-use plastic in India

“We feel we have a responsibility in making sure you take the right actions, but in the end, it’s only you who can decide what is the right action there and what’s not,” he told Reuters on the sidelines of the Web Summit tech conference in Lisbon.

“I’m not going to look at your data thinking like ‘hey, these are cat videos, maybe you shouldn’t do that’.” He added that customers should use tighter security controls for sensitive data such as credit card information.

Cybersecurity researchers say data hosted on AWS servers are often accidentally exposed due to mistakes made by the company’s clients configuring their security settings.


The alleged Capital One hacker, for example, was able to access the firm’s data due to a wrongly-configured web application firewall, US prosecutors have said.

Analysts at Gartner predict client mistakes will account for 99% of “cloud security failures” over the next six years.

Vogels said the AWS system warned customers with a “massive red button” when they configured online storage containers - known as buckets - to be accessible by anyone online, a setting deliberately chosen for some products and applications.

Amazon’s Ring camera raises civil liberties concerns

The company also provides tools that clients can run to analyse the type of data they are storing and spot commonly associated slip-ups, he said.

“If you (change) the configuration on your bucket to world-readable, you will get lots of alarm bells going off,” he said.

“It’s up to the individual customer to decide what’s right and what’s wrong.”
Load Next Story