[Responsibility2nd]

Winning.

(Never gets old, does it?)

[Zhang Fei]

Capital One just had a massive data breach involving 100m customer records. Its cloud provider? Amazon Web Services. The perp? A former Amazon Web Services employee.

[taxcontrol]

I work in cyber security and when I tell people that cloud means someone else owns the server and the data center, I get a lot of confused looks. Cloud is inherently less secure than owning your own server and data center because, you have less control over the access.

Can the solution be designed to accommodate that reduced control, yes. In fact, the design has to work even if you have little to no control over the hardware. Thus there is a greater need for monitoring, testing and protection services.

[ConservativeMind]

Well, when an internal Amazon administrator for AWS is responsible for the Capital One breach, there SHOULD be a concern.

To be fair, the AWS S3 admin took advantage of apparent router misconfigurations that others could have, as well, but it’s very suspicious he(“she”) was the sole one to do this.

[Sergio]

Pentagon weenie: Yeah, let’s put it ALL on the cloud. What could go wrong?

[SuperLuminal]

Awsomeness Alert!

[elbook]

The pentagon should run its own cloud without connections to potentially compromised companies

$10Billion ... plenty of expertise available - its NOT rocket science