You will find it harder to find a company more committed to using the so-called public cloud than Capital One. America's seventh-largest bank has spent years clearing its data centers - from eight 2014 to no (data center) scheduled until the end of 2020 - and will rely on Amazon Web Services' resources for computers and data storage. But now, after a data breach affecting 106 millions of North Americans, people are wondering if Capital One represents a security warning story in the cyberspace.
In order to escape through Capital One's systems, a hacker was allegedly exploiting an "incorrect firewall". Basically, o hacker, it just seems like an open door. Both Capital One and Amazon stressed that "this type of vulnerability is not cloud specific".
However, some experts - such as Evan Johnson, a security manager - say AWS's technical deployment made the breach "much worse". AWS (Amazon Web Services) is particularly sensitive to 'request forgery server", Says Johnson, in which a hacker tricks a server into a connection where it shouldn't, allowing data theft.
Despite the criticism, Capital One's "breach" does not prove that cloud it's wrong, "says Glenn O'Donnell, a Forrester VP. "What proves is that you need to have the right controls in place in terms of it security and governance. "