The below statement is exactly what I experience everytime I deal with AWS services. What AWS pulls off is fantastic and gives users an unbelievable set of tools and services to build their applications from and run their business on.
The statement also highlights a fundamental problem that is not in tools or technology, but in people. We operate our datacenters today and that is the biggest part of our environment, but we also run cloud infrastructure, which is a whole new world and with a new set of tools and security controls. Those tools are all great, but as we all know with great power comes great responsibility.
My recommendation would be to spend time and money in training for your cloud provider and the security controls they offer and how to use them in the most effective and most secure way.
Just a remark about Capital One, I hear they have some of the most talented security people around and I doubt that pointing fingers is the right reaction for this breach.
“There is a basic skills and knowledge gap that everyone in the industry is fighting to deal with right now,” Mogull said. “For these big companies making that move, they have to learn all this new stuff while maintaining their old stuff. I can get you more secure in the cloud more easily than on-premise at a physical data center, but there’s going to be a transition period as you’re acquiring that new knowledge.”