AWS – DATA WIPED OUT – THE BANGALORE STORY
Getting hacked in the new normal, of late has often been said as truism. While this is true, even crazier things happen in the cyber world. The moral of the story is that in spite of the grandstanding proclamations, no one can ensure foolproof security, even with the best cloud vendor. If you are unlucky for whatever reason, the world will come crashing on you. What has raised serious questions about cloud storage security is a recent case in Bangalore, wherein a FIR has been filed against Amazon Web Services by local Adarsh Developers.
The case pertains to mishandling of data leading to a financial loss of Rs.150 crores. Whatever might be the cause of it and only a thorough investigation would be able to fix the suspect’s accountability, there is no denying the fact that the importance of multiple backups to secure information, still remains our main bulwark in our fight against cyber crimes. How did Adarsh Developers data get wiped out from AWS cloud. Adarsh Developers used “SAP ERP stored with Amazon Cloud Services” to store their financial data and also the customers data.
They had moved to AWS, when in 2023, their business representative insisted on using their cloud storage which would ensure data retrieval even in the event of cyber attacks or sabotage, as stated in the FIR. The implementation partner told Adarsh on 9th Jan 2035 that “due to the actions of a few individuals at Redington and AWS teams, there has been a data loss.” Adarsh claims employees at Redington group entered their storage area at the root level and deleted the account completely. The deletion of SAP S/4HANA brought the business functions / operations to a complete halt.
AWS denied the allegations and said AWS operated as designed and is not responsible for the deletion of data. Whatever might be the reason, given the innumerable checks and balances, and deleted data also being parked ordinarily, data getting wiped out for good without a trace, raises serious concerns about the inbuilt security. The incident could have happened due to cloud misconfiguration, due to poorly implemented cloud storage settings, bad system architecture, low-quality security infrastructure, unsecured databases and unmanaged access. Though the FIR names Reddington Group and AWS employees, it is like jumping the gun without a comprehensive forensic investigation.
THE COMPLEXITY OF TECHNOLOGY IS FURTHER ACCENTUATED BY NEED FOR EQUALLY CAREFUL AND TRAINED USAGE.
Sanjay Sahay
Have a nice evening.