Earlier this week, it became public that Capital One was the victim of a privacy leak affecting more than 100 million of its customers. News reports revealed details about the source of the attack: apparently an individual conducted it and bragged about it publicly.
Now, a few days later and with more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, CloudFlare, DisruptOS and AWS personnel, including quotes about the involvement of IAM, EC2 and WAF. In particular, it points out mitigations that AWS recommends in response to Server-Side Request Forgery (SSRF).
An interesting conclusion comes from Rich Mogull: the industry is facing a major skills gap related to this kind of cloud security. Basic skills, and their availability, have always been a major gap across the entire industry. With the arrival of cloud, they have only become more scarce, mostly because corporations maintain both their existing data centers and new cloud infrastructure, missing out on the opportunity to become more secure in the cloud.
Just a small observation I made during AWS Transformation Day. While the entire theme for the event was on transforming business, the schedule had one track for “Culture and Organizational Change” alone. Culture and Organizational Change is a broad and huge topic, but it is necessary and makes the difference for agility in rapidly changing and competitive markets. Amazon has been talking about this for years and they share their knowledge with their partners.
In an attempt to find out how organizations actually master this, the perspective most consultants and companies I talked to during the event shared with me was rather sobering. Anyone exhibiting at that event merely offered to run any software project under agile management. No support, consultancy or even efforts to drive actual change whatsoever, at least nothing that would exceed a traditional software project scope.
Cultural and Organizational Change requires executive buy-in and is killed quickly by exhaustive efforts to plan ahead. Culture needs to embrace the possibility to change quickly, throughout the process. The wish of management to have transparency and perspective early in the process is human; it is just as natural for developers to stay vague on items that are not yet clear.
Any cultural change needs to embrace bidirectional communication and the ability to break down complexity. On first thought this sounds easy, but it requires plenty of cooperation and trust in a clearly defined team. Culture is rooted in a clear understanding of roles and responsibilities and, last but not least, the trust of all members.
Another week, another Facebook leak. This time an Instagram dataset with apparently scraped profile information was found online.
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by […]
Gousto believes going all-in on AWS is a recipe for success, diginomica writes, and it’s undeniable there is no way around public cloud for digital services & offerings. It’s a pretty steep thesis to build a strategy relying on one particular hyper-scaler to make a business a success. In the end, customers purchase experience and not technology.
So, there is a Blockchain service on the cloud. As such this is no news; the news is that it’s AWS that gives you this offering. If you are planning to leverage this option because you need Blockchain in your organization, you definitely need help understanding the technology.
It’s not AWS to blame to take your $
After announcing that they were launching a managed blockchain service late last year, Amazon Web Services is now opening that service for general availability. It was only about five months ago that AWS chief executive Andy Jassy announced that the company was reversing course on its previous dismissal of blockchain technologies and laid out a […]
It’s a huge effort considering the scale of the project and the relevance of customer data for Amazon. Given their cloud business and its maturity – AWS is more than 10 years old by now and leading the pack – this move seems overdue.
Amazon.com Inc. has taken another step toward eliminating software from Oracle Corp. that has long helped the e-commerce giant run its retail business.
After Amazon Web Services launched their Lambda offering in 2014, they apparently had some success. Just a few weeks after Google announced their serverless offering, today Microsoft also announced they’d be offering a technology to execute code event-driven, on demand.
Microsoft announced it was previewing a new service today at its annual Build Developer conference that lets programmers create event-driven triggers without deploying any underlying…