The Cloud Hack at Capital One
b'
On Monday of last week, Capital One announced a data breach affecting an estimated 106 million Credit card customers and applicants. This is one of the largest Data breaches experienced by a large bank.\\xa0 One noteworthy point is that this cyber theft was conducted against data stored in the cloud-hosted by Amazon Web Services.\\xa0 In the past, most cyber intrusions have been conducted against a corporate data center.\\xa0
Capital One is just one of the many companies that have migrated to cloud services technology to improve performance, deliver software enhancements, and reduce costs by closing down dedicated data centers.\\xa0 But, the heightened complexity and interdependency of applications deployed in the cloud has also introduced some new exposures and vulnerabilities.
While attending the RSA conference in San Francisco this year, I had an opportunity to meet with John Dickson of the Denim Group.\\xa0 John explained how the migration to the cloud-based infrastructure is a completely new concept verses, how apps were developed five years ago.\\xa0 He also discusses the approach used to create cloud applications known as continuous integration, continuous deployment, or CICD.\\xa0 The sheer complexity of the many moving parts in this technology can lead to simple missteps in security, leading to a data breach.
'