The recent CapitalOne breach has certainly made lots of headlines in less than a day since the story broke out. And sadly, it has already thrust the $700M settlement that was reached from the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke out.
But going back to CapitalOne, there are lots of lessons to be learned there certainly. I want to focus on where CapitalOne’s data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services.
So, the question is: if one of the savviest AWS customers can suffer such a large and embarrassing data breach, then every AWS (and non-AWS) customer should be concerned...and taking proactive steps to address what cloud security means and what it does not mean.
Put another way, is reliance on the cloud lulling us into security complacency?
Published on CSO online on July 31st, 2019. Read the full article here.