The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.
What is potentially worrisome in this situation is it seems like the SSA is taking on the “move fast and break things” attitude of Silicon Valley.
More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn’t inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn’t disagreeing, just saying he thinks the risk is worth it.
Could you please explain like I’m 10?
The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.
What is potentially worrisome in this situation is it seems like the SSA is taking on the “move fast and break things” attitude of Silicon Valley.
More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn’t inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn’t disagreeing, just saying he thinks the risk is worth it.
That makes sense, thanks for the explanation