Another Voter Record Exposure on Amazon S3
It’s been a rough year for US Voters when it comes to data security. RoboCent, a political robocalling company, is latest to leave sensitive data unsecured and available to the public. The data breach, if it can still be called that when configuration is at fault, exposed thousands of files containing potentially hundreds of thousands of sensitive voter records for an unknown amount of time. Like the incident with Chicago voters this time last year, a misconfigured S3 Storage container was to blame.
Those of you who have been keeping up with the Liftr Round-Up in the past months will know that Amazon S3 Buckets have been the culprit for several large data leaks, mostly resulting from improper setup of access permissions. RoboCent joins the disappointing ranks of FedEx, Verizon, Accenture, and Time Warner as a fellow offender. RoboCent did act quickly to close off that particular container once notified, and the company claimed the data was “outdated” at the time of the Press Release.
Unfortunately, another unsecured S3 bucket soon after, this one containing more recent and even more sensitive information than the former. Worse, RoboCent admitted that this was not a mistake- the container was intentionally configured that way, so that anyone could get access who had the URL without a username and password. Exposed data includes the names and predicted political affiliations of hundreds of thousands of voters, in addition data like estimated annual income, religious affiliations, personal interests and hobbies, and likely feelings about hot-button political topics like tax reform or gun control.
JEDI Contract Continues to Rankle
The Pentagon’s much contested JEDI contract began accepting bids recently, and with it, questions about the Department of Defense’s single-provider approach soared. Despite several recommendations and protests to the contrary, the Pentagon doubled down on the decision. They cited speed to deployment as a major motivator for choosing a single provider, and emphasized that the JEDI contract won’t make up the entirety of the DoD Cloud Strategy.
Despite this, several industry experts think the Pentagon is making an unwise decision. Leaders from IBM, Oracle, and the IT Acquisition Council have all raised concerns about vendor lock-in, loss of technological opportunity, and loss of competitive pricing as potential consequences of choosing a single provider.
With so much outspoken criticism for the Pentagon’s choice to partner with a single cloud provider, it shouldn’t come as a surprise that smaller contenders are already calling foul play before the bids are even in. Oracle has become one of the leading voices challenging the decision, filing a bid protest earlier this week. The protest claims that the Pentagon failed to follow procurement regulations and will ultimately hurt the US in the long run. While there is no response as of yet, it’s possible that Oracle will see results- a similar protest over the REAN Cloud contract earlier this year worked out in the company’s favor and resulted in the scope of the contract being narrowed.
Potential New Indian Data Regulations
India might become the next nation to pass data sovereignty legislation, following the controversial laws that went into effect in China in may of this year. It wouldn’t be surprising- several statements from the Indian political establishment have placed data sovereignty as a high priority going forward.
If India does enact more stringent regulations regarding where and how data can be stored in the country, providers can expect similar issues to those presented in China- having to restructure or sell off assets to local partners, who are then able to run and store the information legally. Even if the government makes fewer demands than China, increased regulation will almost certainly result in increased spending in the region.
While it isn’t surprising that the growing nation is looking to write more legislation on the topic, their motivations for doing so aren’t what many people expect. While things like investigative power and security certainly do factor in, increasingly the conversation is revolving around the economics of data and innovation in data science. By ensuring some data must stay local, governments can harvest some of the increasing projected cloud spend locally.
Alibaba Cloud Expands Malaysian Arm
The Chinese based cloud provider opened its second availability zone earlier this week, with another Malaysian based grand-opening later this month. Alibaba Cloud’s investment in Malaysia began last year with the first availability zone, but advanced quickly. Now, Alibaba supports Malaysia City Brain, an AI initiative that Alibaba hopes will help propel it closer to the larger cloud providers in AI technology.
This new expansion into Malaysia and the rest of Southeast Asia supports their current strategy- maintain dominance in China and begin to expand globally into friendly markets. It also supports the growing trend of adding resilience to existing cloud offerings we’ve seen from many major providers, which helps build company trust. For more information on provider resilience, including Alibaba Cloud, check out the Global Presence category of the Liftr Index. For a deeper dive into Alibaba Cloud, check out the Alibaba Report under Resources.
Has your business made major strides using cloud? We want to hear from you! Email us at ideas@Liftrnews.com.