Sure looks that way. Snowflake at centre of world’s largest data breach
Snowflake is a cloud company that is that center of a data breach/hacking controversy. Mostly the controversy is about them saying they aren't responsible.
For example, Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers.
That's a big damn data breach. How did it happen?
Snowflake, for those won’t know, is an AI data platform where you shove vast amounts of data in and use it. It allows you to do this with effectively no security.
But it is so convenient! Security is sooo hard, and it takes time, and money, and while our customers are ostensibly paying for security, management doesn't want to provide it. Or something.
The threat actors here, from what I’ve managed to establish, are a teen crimeware group who’ve been active publicly on Telegram for a while.
Which on some level is not surprising, but still manages to look bad. (Your security is defeated by a bunch of rowdy teens, not a bunch of PhD computer geeks from Russia or China.)
Let’s recap
We have what appears to be the world’s biggest data breach — in terms of impacted individuals — playing out with Snowflake as the vendor linking the victims. A lot of data has gone walkies.
And then there is the blame game.
Note that in the age of [Software as a service], your providers will throw you under the bus to save themselves. When you transfer your security risk to a provider, they don’t accept your risk — they just take the money.
What you’re sold vs what you get often don’t align — I’ve worked for a cloud provider, you don’t want to see how the sausage is made (but you can read about it in Microsoft’s [Cyber Safety Review Board] report) — and there’s no real accountability for the provider.
I'm sure there will more to come out about this.
Cloud computing sounds good in the E Suite. But nobody cares as much about your stuff as you do. And the existence of an extra profit stream can make savings hard to capture. Sure, there are economies of scale, and that might apply if you are running a small company. Not sure how Live Nation is capitalizing on "scale" at Snowflake. (Hat tip to Pixy Misa)
No comments:
Post a Comment
Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.
Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.