• Home
  • News
  • Coins2Day 500
  • Tech
  • Finance
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia
MagazineCybersecurity

After the Capital One Breach, Should Big Business Fear the Public Cloud?

Robert Hackett
By
Robert Hackett
Robert Hackett
Robert Hackett
By
Robert Hackett
Robert Hackett
August 24, 2019, 10:00 AM ET
BRB09.19_Capital-One-Hack
Smartstock/Getty ImagesSmartstock/Getty Images

You’d be hard-pressed to find a company more committed to using the so-called public cloud than Capital One. America’s seventh-­biggest bank by revenue has spent years winding down its data centers—from eight in 2014 to zero planned by the end of 2020—and relying on the on-tap resources of Amazon Web Services for computing and data storage. But now, in the wake of a data breach affecting 106 million North Americans, people are questioning whether Capital One represents a cybersecurity cautionary tale. 

To burrow inside Capital One’s systems, a hacker supposedly exploited a “misconfigured firewall.” Basically, the thief snuck in an open door. Both Capital One and Amazon stressed that “this type of vulnerability is not specific to the cloud.”

Yet some ­experts, such as Evan Johnson, a security manager at startup Cloudflare, say AWS’s technical setup made the breach “much worse.” AWS is particularly susceptible to “server side request forgery,” Johnson says, in which a hacker tricks a server into connecting where it shouldn’t, enabling data theft. Better mitigations ought to be in place, he says.

Despite the criticism, Capital One’s breach “doesn’t prove the cloud is wrong,” says Glenn O’Donnell, a Forrester VP. “What it does prove is you have to have the right controls in place from a security and governance perspective.”

Ed Amoroso, ex–chief security officer for AT&T, agrees that for most businesses, off-loading infrastructure to the cloud remains safer than managing one’s own: “You have to compare not against ‘perfect’ but against ‘on premises.’ ”

A version of this article appears in the September 2019 issue of Coins2Day with the headline “Capital Offense.”

More must-read stories from Coins2Day:

—Coins2DayChange the World 2019: See which companies made the list
—Corporate America’s most fascinating standoff: The accountant who exposed Madoff vs. GE
—America’s CEOs seek a new purpose for the corporation
—How the world’s biggest companies stay ahead
—What the world’s biggest motorcycle rally reveals about the state of festival food
Subscribe to Coins2Day’s CEO Daily newsletter for the latest business news and analysis.

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Rankings
  • 100 Best Companies
  • Coins2Day 500
  • Global 500
  • Coins2Day 500 Europe
  • Most Powerful Women
  • Future 50
  • World’s Most Admired Companies
  • See All Rankings
Sections
  • Finance
  • Leadership
  • Success
  • Tech
  • Asia
  • Europe
  • Environment
  • Coins2Day Crypto
  • Health
  • Retail
  • Lifestyle
  • Politics
  • Newsletters
  • Magazine
  • Features
  • Commentary
  • Mpw
  • CEO Initiative
  • Conferences
  • Personal Finance
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Coins2Day Brand Studio
  • Coins2Day Analytics
  • Coins2Day Conferences
  • Business Development
About Us
  • About Us
  • Editorial Calendar
  • Press Center
  • Work At Coins2Day
  • Diversity And Inclusion
  • Terms And Conditions
  • Site Map

© 2025 Coins2Day Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Coins2Day Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.