You will find it difficult to find a company more committed to using the so-called public Cloud than Capital One. America's seventh largest bank has spent years clearing its data centers - from eight in 2014 to no (data center) scheduled by the end of 2020 - and will rely on Amazon Web Services resources for computers and data storage. But now, after a data breach affecting 106 million North Americans, people are wondering if Capital One represents a security warning story in cyberspace.
To escape through Capital One systems, a hacker allegedly exploited a "wrong firewall". Basically, the hacker, it just seems like an open door. Both Capital One and Amazon stressed that "this kind of vulnerability is not specific to the cloud".
However, some experts - such as Evan Johnson, a security director - say that the technical installation of AWS made the breach "much worse". AWS (Amazon Web Services) is particularly sensitive to “forgery of application by server", Says Johnson, in which a hacker mocks a server on the connection where it should not, allowing data theft.
Despite the criticism, the breach of Capital One “does not prove that in cloud "It's wrong," said Glenn O'Donnell, a Forrester VP. "What it proves is that you have to have the right controls in place in terms of it security and governance. ”
Ed Amoroso, former security officer for AT&T, agrees that for most businesses, the infrastructure for off-loading in the cloud remains more secure than their own management.