[Default] On 31 Jul 2019 06:58:19 -0700, in bit.listserv.ibm-main jcew...@acm.org (Joel C. Ewing) wrote:
>And I noticed a reprinted Washington Post article in my local paper >today "Bank data stolen despite cloud push", which clearly indicates >bank management had the perception that somehow removing data from >Capital One's direct physical control to Amazon Web Services on the >cloud would "improve" security rather than just add different paths for >attack. Can't help but wonder if this move to "cut back" on Capital >One's data centers also involved laying off the people that might have >been smart enough to configure their firewall correctly and avoid the >breach. Since configuration problems have hit the mainframe, I suspect that platform didn't matter. I am beginning to believe that the most secure platform is the one where it is easiest (and mostly by default) to secure to the limits of the platform. Since this isn't a set and forget issue, good practices need to be in place so that ex-employees don't have access. Why was the person accused of the breach able to access the cloud? Did she need credentials in order to get by the improperly configured firewall? I suspect that all companies need an HR application that causes review of an employee's/contractor's access every time they change position and when their employment is terminated. Clark Morris > Joel C Ewing > >On 7/31/19 8:32 AM, Bill Johnson wrote: >> She breached an incorrectly configured firewall. >> >> >> Sent from Yahoo Mail for iPhone >> >> >> On Tuesday, July 30, 2019, 7:48 PM, Edward Finnell >> <0000000248cce9f3-dmarc-requ...@listserv.ua.edu> wrote: >> >> https://www.usatoday.com/story/money/2019/07/29/capital-one-data-breach-2019-millions-affected-new-breach/1863259001/ >> >> A CLOUDy day in data processing. >> >> >> ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
