cloud security

The Cloud is More Secure Than Your Facility

Filed under:

A recent article in the Wall Street Journal ominously titled Capital One Breach Casts Shadow Over Cloud Security, veers dangerously close to blaming an internal company error at Capital One on one of the most secure companies in the world.  The article might be better headlined as "dirty bath water casts shadow over baby".  

The article stated that the Capital One data breach exposed the records of 106 million customers, which is a tragic security lapse regardless of where the fault might lie.  But importantly, the Journal noted that according to court documents, a Capital One error – a misconfigured firewall – led to the breach.  A Capital One spokesperson was also quoted as saying that "This type of vulnerability is not specific to the cloud."  All of this would leave one to wonder why this incident "casts a shadow" over cloud security.

While it is true that no security is absolute, chances are that AWS is significantly safer that the large majority of IT fabric globally.  At a majority of enterprises, a significant portion of IT's time goes into meetings that support the core business offering and internal politics.  At AWS not only do they have their security products, services and contractors, but they even run their own security conference.  By comparison infoSec teams at even the largest enterprises have sweeping oversight requirements that make it almost impossible to patrol effectively.

Enterprises looking to improve their security should evaluate the security protocols looking at:

  1. Infrastructure Security (Physical and Virtual)
  2. DDoS Mitigation
  3. Data Encryption
  4. Device Inventory and Configuration Management
  5. Monitoring and Logging
  6. Identity and Access Control
  7. Penetration Testing

Security is a constant game of cat and mouse, but moving away from AWS managed services (or other cloud providers) is just plain misinformed.

Date posted: August 2, 2019

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <cpp>, <java>, <php>. The supported tag styles are: <foo>, [foo].
  • Web page addresses and email addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Metal Toad is an Advanced AWS Consulting Partner. Learn more about our AWS Managed Services

About the Author

Joaquin Lippincott, CEO

Joaquin is a 20+ year technology veteran helping to lead businesses in the move to the Cloud. He frequently speaks on panels about the future of tech ranging from IoT and Machine Learning to the latest innovation in the entertainment industry.  He has helped to modernize software for industry leaders like Sony, Daimler, Intel, the Golden Globes, Siemens Wind Power, ABC, NBC, DC Comics, Warner Brothers & the Linux Foundation.

As the CEO and Founder of Metal Toad, an AWS Advanced Consulting Partner, his primary job is to "get the right people in the room".  This one responsibility is cross-functional and includes both external business development functions as well as internal delegation and leadership development.

A UCLA alumni, he also serves in the community as a Board Member for the Los Angeles Area Chamber of Commerce, the Beverly Hills Chamber of Commerce, and Stand for Children Oregon - a public education political advocacy group. As an outspoken advocate for entry-level job creation in tech he helped found the non-profit, P4TH, an organization dedicated to increasing the number of entry-level jobs in the tech industry, and is in the process of organizing an Advisory Board for the Bixel Exchange, a Los Angeles non-profit that provides almost 200 tech internships every year.


Schedule a Free Consultation

Speak with our team to understand how Metal Toad can help you drive innovation, growth, and success.