. . .hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
Hey let’s store the nation’s critical infrastructure documents on Jeff Bezos’ computers! Yay! What a cost savings that will be. And why not send all government communications through Microsoft?! Boy what a load off that will be.
FACEPALM. I still don’t know how AWS, et al, did it, but they have convinced a whole shit-ton of people to believe that using their “cloud” is not only as secure as building and maintaining their own infrastructure, they’ve convinced a lot of people it’s more secure. Because “core competencies”, etc…yeah, let’s de-skill a whole lot of IT people by learning only certain vendor dashboards and think that’s going to work out long term for things like security, DR, BC…
It’s kinda dumb when really, really big tech companies do this, it’s even stupider if government agencies fall for it…
Hey let’s store the nation’s critical infrastructure documents on Jeff Bezos’ computers! Yay! What a cost savings that will be. And why not send all government communications through Microsoft?! Boy what a load off that will be.
FACEPALM. I still don’t know how AWS, et al, did it, but they have convinced a whole shit-ton of people to believe that using their “cloud” is not only as secure as building and maintaining their own infrastructure, they’ve convinced a lot of people it’s more secure. Because “core competencies”, etc…yeah, let’s de-skill a whole lot of IT people by learning only certain vendor dashboards and think that’s going to work out long term for things like security, DR, BC…
It’s kinda dumb when really, really big tech companies do this, it’s even stupider if government agencies fall for it…