Following the recent massive Capital One data breach, it’s clear that even some of the world’s largest and most respected companies working in the cloud are still vulnerable to compliance and security issues. In this case, federal prosecutors charged a Seattle woman with stealing more than 100 million credit applications. As the details of the attack became public, the Capital One AWS environment came under scrutiny.
It’s now accepted that the attack vector the hacker took began with a misconfigured firewall. Ephemeral AWS credentials were extracted from the instance role and used to raid data from under-restricted S3 buckets.
Though Capital One gave up a pretty scary amount of critical consumer data, they were also rapid and accountable in their response. And, they showcased a simple fact: the public cloud is far more secure than on-premise data centers, but it isn’t impenetrable.
In ..
Support the originator by clicking the read the rest link below.
