CapitalOne, AWS and what we should learn (or really know) about Public Cloud

I’m sure you’ve heard all about the CaptialOne hack by now. The interesting part is that the records were stored on AWS. You can read more about that here. Why is this interesting? Number one reason is that AWS wasn’t the issue but the hack has highlighted the fact that while AWS and other public Cloud providers (i.e. Microsoft and Google) provide the infrastructure, you still need to be responsible about the applications. No different than when you run on-premises, you are still responsible for the configuration of the applications and devices.

If you are using Office 365 for example, you should utilize Secure Score as a starting point. Secure Score can help you identify areas which are not following to best practices (i.e. do you have Global Admin’s without MFA?)

I spend a lot of time with customers talking about these types of topics. I hear many people say if they move to the Cloud they won’t have a job. This is all bogus unless your job is literally just racking and stacking hardware in a data center, in which case, you may not have a job at your current company but possibly at the Cloud provider. When a company moves to the Cloud, if you are responsible for an application, your job hasn’t changed, just the location of the server has changed. In fact, your job became more important. It is your responsibility to ensure that the application is setup to best practices and to ensure that it is meeting business needs.

Take the time to learn and embrace the Cloud. There are many opportunities that didn’t exist before with Public Cloud. I personally believe that Public Cloud and the consumerization of technology is benefiting businesses through improved productivity. Companies have to get real value out of applications or they will (and can) drop them quickly in favor of alternatives that perform. Embrace the new challenges and discover that the world hasn’t really changed all that much.