The Cloud Hack at Capital One
Release Date: 08/07/2019
On Monday of last week, Capital One announced a data breach affecting an estimated 106 million credit card customers and applicants. This is one of the largest data breaches experienced by a large bank. One noteworthy point is that this cyber theft was conducted against data stored in the cloud, hosted by Amazon Web Services. In the past, most cyber intrusions have been conducted against a corporate data center.
Capital One is just one of the many companies that have migrated to cloud services technology to improve performance, deliver software enhancements, and reduce costs by closing down dedicated data centers. But the heightened complexity and interdependency of applications deployed in the cloud have also introduced some new exposures and vulnerabilities.
While attending the RSA conference in San Francisco this year, I had an opportunity to meet with John Dickson of the Denim Group. John explained how the migration to cloud-based infrastructure is a completely new concept versus how apps were developed five years ago. He also discussed the approach used to create cloud applications known as continuous integration, continuous deployment, or CI/CD. The sheer complexity of the many moving parts in this technology can lead to simple missteps in security, leading to a data breach.