Brainstorm

Sound familiar?

"Our access controls are airtight and we just passed our quarterly SOC-2 audit with flying colors," said Newco's CISO to their biggest customer yet. "Your data is safe."

Amy from Cats Co. and Bob from Dogs Co. to securely upload documents to Newco. Of course, Bob wants to keep his documents safe from Amy's prying eyes, so Nextcloud maintains strong access controls on any documents its suppliers upload by storing rich metadata, permissions, and ownership information for each document in a connected Postgres database.

Since the high-performance storage backing Postgres is expensive, Newco has configured Nextcloud to store the data content of the documents Amy and Bob upload in the AWS S3 bucket **newco-demo**. Nextcloud assigns a sequential ID for each object uploaded and puts a pointer to that object in the Postgres record for the corresponding document. Newco also uses [Minio](https://min.io/) as an S3 gateway/cache in front of **newco-demo** to keep the cost of repetitive S3 accesses down.

Since Newco often wants to share information with both Amy and Bob, they have given Nextcloud access to a shared bucket called **newco-shared**. Both Amy and Bob can access anything in that shared bucket.

Given that Nextcloud keeps all metadata and access policies in Postgres, it doesn't write any of that to S3 ACLs or tags. In fact, on the back end, Newco admins and services like antivirus scanning and BI tools that Newco plans to use in the future have full access to any object in both **newco-demo** and **newco-shared**.

Bob is worried that somehow data he uploads might end up in the shared bucket. The Newco CEO assures him that, with the strong access controls they have in place, that could never happen.

Behind the scenes, however, Newco's head of security starts to worry...
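An added example (not part of the original page, and not Newco's or Nextcloud's code): because the objects in S3 carry none of the ownership metadata in this setup, answering Bob's question means reconciling the Postgres records against what is actually in **newco-shared**. The row fields, the `urn:oid:` key prefix and all sample data below are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample data: rows as they might be read from the Postgres
# metadata store (field names are assumptions) and the contents of each bucket.
DOCUMENTS = [
    {"object_id": 101, "owner": "amy", "shared": False},
    {"object_id": 102, "owner": "bob", "shared": False},
    {"object_id": 103, "owner": "newco", "shared": True},
]
BUCKETS = {
    "newco-demo": {
        "urn:oid:101": b"cats price list",
        "urn:oid:102": b"dogs contract",
        "urn:oid:103": b"supplier newsletter",
    },
    "newco-shared": {
        "urn:oid:103": b"supplier newsletter",
        "export/report.bin": b"dogs contract",   # copy of Bob's private document
        "tmp/scan.out": b"antivirus log",        # written by a back-end service
    },
}


def digest(body):
    return hashlib.sha256(body).hexdigest()


def audit_shared_bucket(documents, buckets, private="newco-demo",
                        shared="newco-shared", prefix="urn:oid:"):
    """Classify every object in the shared bucket against the database records.

    Matching is by content hash, so a private document is still found after it
    has been copied under a different key.
    """
    by_hash = {}
    for doc in documents:
        body = buckets[private].get(f"{prefix}{doc['object_id']}")
        if body is not None:
            by_hash[digest(body)] = doc
    findings = []
    for key, body in sorted(buckets[shared].items()):
        doc = by_hash.get(digest(body))
        if doc is None:
            findings.append((key, "no-database-record", None))
        elif not doc["shared"]:
            findings.append((key, "private-content", doc["owner"]))
    return findings


if __name__ == "__main__":
    for finding in audit_shared_bucket(DOCUMENTS, BUCKETS):
        print(finding)
```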

Demo: Welcome