Reuters reports Amazon Web Services (AWS) has distanced itself from responsibility surrounding users’ cyber protection following criticism from U.S. lawmakers that claimed it doesn’t do enough to secure server data.
The cloud computing arm of Amazon.com has been the subject of several large data breaches, including one recent incident involving 106 million peoples’ personal information stored by Capital One.
Chief Technology Officer Werner Vogels says AWS provided more than one service to customers in their efforts to ensure cyber protection and flag suspicious activity. But, he said, the decision of which settings to take advantage of is the responsibility of the client.
“We feel we have a responsibility in making sure you take the right actions, but in the end it’s only you who can decide what is the right action there and what’s not,” he told Reuters.
“I’m not going to look at your data thinking like ‘hey, these are cat videos, maybe you shouldn’t do that’.” He added that customers should use tighter security controls for sensitive data such as credit card information.
His position on the topic — though probably not popular among those who have had personal information breached — is at least somewhat congruent with what industry experts say.
The Reuters report said many cyber security researchers say data hosted on AWS servers is accidentally exposed due to user error.
The Capital One hacker accessed the data because of just such an erroneously-configured web app firewall, the report says.
The report cites Gartner research that says client mistakes will account for 99 percent of cyber protection failures in the next six years.
“If you (change) the configuration on your bucket to world-readable, you will get lots of alarm bells going off,” Vogels told Reuters. “It’s up to the individual customer to decide what’s right and what’s wrong.”