US ‘no fly list’ leak


Today’s news that the entire US ‘no fly list’ was leaked online after being left on an unsecured server, supports the misnomer that exists around security and the cloud. Cloud security is not easy and not down to one or two individuals. Rather, building secure cloud infrastructure is a highly complex, shared responsibility model requiring rigorous understanding of a plethora of attack vectors.

And, whilst in this instance a robust pen testing programme would have identified the issues in build quality and looked to add defence in depth – reinforcing how important it is to never overlook the importance of security ‘basics’ – the primary question this leak raises is whether sensitive data should ever be stored in clear text in today’s age of relentless cyber threats.