Reply to post: Why is this so hard

Web doc iCliniq plugs leaky S3 bucket stuffed full of medical records

Androgynous Cow Herd

Why is this so hard

AWS has a self-certifying protocol that is pretty comprehensive, actually. If you have actually paid attention and used the protocol to ensure you are following best practices, those buckets have been secured.

Completion of the protocols is then reviewed by Amazon and if passed “Advanced Partner” status is bestowed unto that company.

To complete the protocols isn’t exactly trivial, but not impossible or even unlikely. Adherence to the protocols may slow down development slightly at worst until developers figure out how to work on their environment in a secure manner.

My opinion is that there is a certain class of software companies that have completely embraced “Agile” and behave like they are building gaming apps for cell phones, even if they are really building enterprise products that require a much more respectful attitude re: security than the current “We can do it this way and fix it properly if anyone notices”.
