Even After Capital One’s Breach, Don’t Doubt the Cloud—Cyber Saturday
Shortly after news of a data breach at Capital One came out, I received a call from Timothy Eades, chief executive of vArmour, a startup that helps companies manage security across so-called public and private clouds. He sounded exasperated.
“Everyone has been deaf, dumb, and blind moving to the cloud. They think it’s safe, convenient, easy—that they’ve moved to the happy place,” Eades told me. The point he stressed: Even after a company taps into the cloud—that buzzy nickname for the remotely managed computing resources offered by the likes of Amazon, Microsoft, Google, and others—it retains responsibilities. IT professionals cannot wash their hands of infrastructure upkeep concerns completely.
Following that call, I wrote a piece for the latest issue of Fortune, published online this morning, which asks, “After the Capital One Breach, Should Big Business Fear the Public Cloud?” Generally, as just about every cybersecurity expert I spoke to underscored, the answer is, No.
The advantages of the cloud are simply too compelling. Businesses can tap the on-demand storage and computing resources they need when they need them, thereby reducing waste. Dedicated, crack teams take care of most patching and software updates. The cloud is undeniably convenient and, more importantly, better in terms of security than what the majority of companies can achieve alone.
Don’t take it from me—take it from a practitioner. “People have been suggesting that there’s something inherently bad about cloud infrastructure and I, frankly, think it’s just the opposite,” Edward Amoroso, the former chief security officer of AT&T, told me. (The telecom giant, it must be noted, knows a thing or two about managing complex IT systems.)
Even Capital One attributes its ability to recover quickly from its breach to its embrace of the cloud. As Sie Soheili, a Capital One spokesperson, emphasized in bolded text in an email to me: “The speed with which we were able to diagnose and fix this vulnerability, and determine its effect, was enabled by our cloud operating model.”
I wondered, upon reading that statement, whether Capital One had no other choice but to double down on a cloud endorsement, given how far down the rabbit hole it has ventured since it began its IT migration five years ago. (On an earnings call earlier this year, CEO Richard Fairbank said he planned to eliminate the last of the bank’s data centers in favor of the cloud by 2020.) But even that default posture of journalistic skepticism cannot counter the truth: Moving some portion of one’s operations to the cloud is no cybersecurity panacea, but it is, in most cases, an obvious boon.
Robert Hackett | @rhhackett | firstname.lastname@example.org
Privacy gaslighting. Two Princeton professors are taking Google to task for suggesting that blocking "cookies," web browser-based ID tags, will harm people's privacy. Google argues the move will encourage "fingerprinting," a more persistent and invasive form of tracking. The professors counter that Google is being disingenuous; as they write, "it is unlikely that Google can provide meaningful web privacy while protecting its business interests, and Chrome continues to fall far behind Safari and Firefox."
Ransomware-opolis. Municipalities across America are getting ravaged by ransomware attacks, most recently a couple dozen cities in Texas. Hackers pick these targets assuming the cash-strapped local governments don't have the resources to keep their systems up to date and protected, as the New York Times writes. The cities have shown a willingness to pay up in order to get services back up and running.
Taking care of business. There were a few big business moves in the cybersecurity industry this week. VMware bought Carbon Black, a computer protection software-maker, plus Pivotal, a data analytics startup, for a combined $4.8 billion. Splunk bought SignalFX, a cloud monitoring startup, for $1 billion. And Ping Identity, maker of identity management software, filed for a $100 million initial public offering on the Nasdaq stock exchange.
5Gotham. As New York City plans its rollout of 5G, the next generation of cellular networking, city officials are thinking through how to do so safely and securely, the Wall Street Journal reports. Security experts warn that the prevalence of Internet-connected devices will be a playground for hackers.
Attention nuclear engineers: Please do your bitcoin mining at home.
The art of persuasion. Everywhere you look, states, political actors, and troll farms are exploiting Internet tools to spread disinformation, propaganda, and, ultimately, influence. As Sophia Ignatidou, a Chatham House fellow, writes for The Guardian, baddies are ramping up their abuse of data mining to hijack minds and behaviors. "We may soon be dealing not just with disinformation or communications blackouts, but with mass-scale surreptitious manipulation through nudging," she warns.
Communication has been weaponised, used to provoke, mislead and influence the public in numerous insidious ways. Disinformation was just the first stage of an evolving trend of using information to subvert democracy, confuse rival states, define the narrative and control public opinion. Using the large, unregulated, open environments that tech companies once promised would “empower” ordinary people, disinformation has spread rapidly across the globe. The power that tech companies offered us has become a priceless tool in propagandists’ hands, who were right in thinking that a confused, rapidly globalising world is more vulnerable to the malleable beast of disinformation than straightforward propaganda. Whatever we do, however many fact-checking initiatives we undertake, disinformation shows no sign of abating. It just mutates.
China’s Lax Attitude About Privacy Is Shifting by Clay Chandler
Tired of Robocalls? You May Be Free of Them Soon by John Reid and Susan Decker
Arms Traffickers Use Snapchat to Sell Illegal Weapons by Chris Morris
ONE MORE THING
Crystal healing. Each year at Defcon, the popular Las Vegas hacking conference, attendees receive hackable badges—a puzzle to test their "leet" skills. This year's event featured electronic crystal badges that could be "unlocked" after interactions with other guests and show-runners wearing like badges. The mastermind behind this strange quest, Joe Grand, also known by the hacker alias "Kingpin," shared the inspiration for his design, a particular image, with tech blog Ars Technica.
"It was all pastel colors and clouds and a woman holding a laptop. It was an ad from the '70s about like the future of technology—the good side of technology. Instead of technology owning you, it's if technology helped you. And I saw that picture and I was just like, something was just like crystals. I don't know, it seemed sort of new age-y."