The Cloud Hack at Capital One
Game Changers Silicon Valley · JIm Connor
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
On Monday of last week, Capital One announced a data breach affecting an estimated 106 million Credit card customers and applicants. This is one of the largest Data breaches experienced by a large bank. One noteworthy point is that this cyber theft was conducted against data stored in the cloud-hosted by Amazon Web Services. In the past, most cyber intrusions have been conducted against a corporate data center.
Capital One is just one of the many companies that have migrated to cloud services technology to improve performance, deliver software enhancements, and reduce costs by closing down dedicated data centers. But, the heightened complexity and interdependency of applications deployed in the cloud has also introduced some new exposures and vulnerabilities.
While attending the RSA conference in San Francisco this year, I had an opportunity to meet with John Dickson of the Denim Group. John explained how the migration to the cloud-based infrastructure is a completely new concept verses, how apps were developed five years ago. He also discusses the approach used to create cloud applications known as continuous integration, continuous deployment, or CICD. The sheer complexity of the many moving parts in this technology can lead to simple missteps in security, leading to a data breach.