The below statement is exactly what I experience everytime I deal with AWS services. What AWS pulls off is fantastic and gives users an unbelievable set of tools and services to build their applications from and run their business on.

The statement also highlights a fundamental problem that is not in tools or technology, but in people. We operate our datacenters today and that is the biggest part of our environment, but we also run cloud infrastructure, which is a whole new world and with a new set of tools and security controls. Those tools are all great, but as we all know with great power comes great responsibility.

My recommendation would be to spend time and money in training for your cloud provider and the security controls they offer and how to use them in the most effective and most secure way.

Just a remark about Capital One, I hear they have some of the most talented security people around and I doubt that pointing fingers is the right reaction for this breach.