U.S. Senator Sends Letter to Amazon CEO on Capital One Hack
Posted on 08/06/2019 10:40:04 PM PDT by WWG1WWA
A Democratic senator is pressing Amazon.com Inc. for answers on its cloud-computing technology at the heart of the Capital One hack, one of the biggest-ever bank-data thefts.
(Excerpt) Read more at wsj.com ...
That’s where we want to put all of our military information. Everyone behind that idea should face a firing squad.
As I am affected by this and my phone email and SMS have been getting spammed since the hack, I’d like some answers too.
Sorry to hear that. Is there a lawsuit you can join? I'd do it if I were affected. It's the only thing that gets their attention.
I can only access the first page - not paying for a sub to those traitors @ WSJ.
If you put a headline into a search engine you can often easily find a version that is not behind a paywall.
The problem that Amazon now faces has to do with their WAF (Web Application Firewall) component that Capital One and other AWS platform clients use.
Amazon's WAF is a software defined networking device, meaning there is no physical hardware like a traditional firewall protecting the applications behind it. It is a virtual software device. Amazon's WAF is considered to be a "maturing technology" and has a small set of use cases that would be considered appropriate.
In the Capital One breach, Amazon's WAF was protecting what is termed Critical-Sensitive data which was not an appropriate use case for it and Capital One should've known better.
The WAF was not configured properly either, which compounded matters.
The bank I work for considers this to be a learning opportunity (at Capital One's expense ...) and we are putting in the appropriate measures to monitor the maturity of Amazon's WAF technology while using our own technology assets to protect the data we have on Amazon's cloud.
Finally, anyone who thinks that cases like the Capital One breach will stop banks and other financial services from moving to the cloud - think again. It's a huge cost savings for banks and more often than not cloud based services such as AWS, Azure and Google Cloud are frankly speaking, more secure than our own systems in our own data centers.
In financial services we spend a shit ton (that's a budget planning term for us ...) to protect our systems. Payroll, Infrastructure Spending, Support/Maintenance dollars are the only budget categories that beat it. In a low-interest rate environment where automation and scale are the two primary ways to save valuable capital and expense dollars, cloud is the real only way to achieve savings anymore. Staff has been cut to the bone where I am and there's hardly anyone available to do meaningful work beyond keeping the lights on.
Why is hacking like this not made a capital offense? Pun intended.
[In a low-interest rate environment where automation and scale are the two primary ways to save valuable capital and expense dollars, cloud is the real only way to achieve savings anymore. Staff has been cut to the bone where I am and there’s hardly anyone available to do meaningful work beyond keeping the lights on. ]
more often than not cloud based services such as AWS, Azure and Google Cloud are frankly speaking, more secure than our own systems in our own data centers.
I see this a lot. We provide fiber connections to data centers in Chicago and across the country directly to these services (AWS, Azure, O365, etc.), and one of the things we frequently encounter is customers who have no idea just exactly how their current provider gets them there. No route maps are available to them.
How do you know your data is secure if you can't follow it from Point A to Point Z? Blank looks usually follow.
Always best to encrypt your connections yourself point to point. Don't rely on the major carriers to do it for you.
We encrypt our data in transit and at rest. That's important and we're one of the few who does at rest also. It's expensive, sure. It's less expensive than a breach costing a shit ton of business and money. Even if someone were to breach our network security or get into one of our data centers and steal a disk, it's undecipherable to them without the decrypt keys.
Always best to encrypt your connections yourself point to point.
Our dark fiber customers usually do that. We hand them the fiber and they do the rest. But not all businesses have the IT horsepower to do that. So we can provide end to end security if they wish.
We always use industry best practices. Shocking how many IT types don't.