
IT doesn’t have any involvement when it comes to S3 buckets at any company I’ve seen. Anything in a cloud tenancy is devops acting with autonomy. Sometimes they have a security person review it, but many companies don’t do that, and the ones that do have way more moving parts than their security engineers are capable of reviewing, so stuff gets through.

Even then, it’s unlikely that a security person would recommend compartmentalizing this particular data set. Any application that needs access to some of it probably needs access to all of it, and it makes little difference if you compromise a server and get one key or if you get 30 keys. The trust boundaries haven’t moved, so it would increase cost without really mitigating any threats.
