AWS credentials for SEGA Europe were open to all

Several companies I work with use the standard Google Chrome password manager. If they had to set 2FA, then suddenly the dam wall. They do not understand! I advise them to use at least an authenticator app, or better: LastPass or 1Password.

What I think is missing from SEGA is an “integrated” policy that dedicates a central system as a place to store important information, such as passwords, credentials, and API keys. It’s easy to arrange, but first it has to be considered (= someone has to be given hours) and approved (by top management). This is where things often go wrong: top management knows absolutely nothing about security. That S3 bucket is also safe, right? Yes, that’s what AWS claims, as long as you don’t make it public. And that’s right: if only the right people get the right permissions, and you run the occasional bash script that checks the permissions, you’ll go a long way. But this also costs time (and money). So it is located between two chairs and shows half-finished positions as in this article.
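An added example, not part of the comment above and not SEGA's or AWS's own code: one shape the "occasional script that checks the permissions" could take, flagging S3 bucket ACL grants to the predefined AllUsers and AuthenticatedUsers groups. It assumes the AWS CLI is installed with credentials that may list buckets and read their ACLs; the function names and the `--scan`/`--demo` switches are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example: report S3 bucket ACL grants that are effectively public.

# AWS predefined group URIs; a grant to either one reaches beyond the account.
ALL_USERS='http://acs.amazonaws.com/groups/global/AllUsers'
AUTH_USERS='http://acs.amazonaws.com/groups/global/AuthenticatedUsers'

# Reads "URI<TAB>Permission" lines on stdin (the shape produced by the
# --query/--output text call in scan_bucket) and prints only public grants.
public_grants() {
  awk -F'\t' -v a="$ALL_USERS" -v b="$AUTH_USERS" '
    $1 == a { print "AllUsers:" $2 }
    $1 == b { print "AuthenticatedUsers:" $2 }'
}

# Prints "<bucket> <group>:<permission>" for each public grant on one bucket.
scan_bucket() {
  aws s3api get-bucket-acl --bucket "$1" \
      --query 'Grants[].[Grantee.URI, Permission]' --output text |
    public_grants | sed "s|^|$1 |"
}

# Scans every bucket the credentials can list. Returns 1 when anything is
# found, so a cron job or CI step fails loudly.
scan_all() {
  findings=$(for b in $(aws s3api list-buckets \
      --query 'Buckets[].Name' --output text); do
    scan_bucket "$b"
  done)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample of the tab-separated ACL output, for an offline check:
# an owner grant (no URI, printed as "None") and a public READ grant.
demo() {
  printf '%s\t%s\n' None FULL_CONTROL "$ALL_USERS" READ | public_grants
}

# Act only when asked, so the functions can also be sourced by other scripts.
case "${1:-}" in
  --scan) scan_all ;;
  --demo) demo ;;
esac
```

This covers ACLs only; bucket policies and the account-level Block Public Access settings need their own checks.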

Well, if they develop their cloud strategy like their games, then v1.4 is at a decent level. :s

