Earlier this week it was reported that the NSA suffered a breach that revealed top secret data. A virtual disk image belonging to the NSA — essentially the contents of a hard drive — was left exposed on a public Amazon Web Services storage server. The server contained more than 100 gigabytes of data from an Army intelligence project codenamed “Red Disk”. Leo Taddeo, Chief Information Security Officer at Cyxtera, commented below.
Leo Taddeo, Chief Information Security Officer at Cyxtera:
“Time and again we see basic security controls go by the wayside. Failing to password-protect a public server is incredible in this age of cyber-attacks. Every organization needs to review their cyber policies, batten down the hatches and plug their holes. In addition, it’s time to take a fresh look at how we secure our networks and applications. For too long we’ve lived in a world of over-privileged access – and that needs to change. Approaches like a software-defined perimeter (SDP), which originated at the Defense Information Systems Agency, are a step in the right direction. Access is granted on a need-to-know only basis. The context of the user, at the time they’re trying to connect to resources, dictates what they see.”