Next Pathway //
May 19, 2020
Next Pathway //
June 25, 2020
Recently named by The Globe and Mail as Canada’s hottest cloud start-up company, Next Pathway automates the end-to-end challenges our customers experience when migrating applications to the cloud
Join the team!
Our work environment rewards people for hard work, loyalty, innovation and mutual support
When it comes to the field of cloud-first business strategies and sensitive data, there are few better-known names in the industry than Capital One. In case you haven’t heard, Capital One suffered an immense data breach, which affected approximately 106 million customers. At the base level, Capital One is being held responsible and already facing legal allegations related to their usage of public cloud services for data storage as opposed to more traditional private cloud applications and localized data centers. While this is a trend that is known to reduce costs dramatically, events like this cause one to stop and think… If this can happen to them, what makes my company safe?
Amazon’s AWS has been a powerhouse in the world of cloud-based applications and big data protection. So, when things like this hit the news, everyone in the industry gets put on notice. AWS has several service-level agreements and government contracts. Currently, the House of Representatives Committee on Oversight and Reform sent Amazon a letter related to a request for a briefing on the security measures AWS has in place against vulnerabilities. This is strongly related to the government’s concerns regarding the vendor’s support of the 2020 Census as well as other government data.
Exactly what “government contract” is on the line? Currently, the Department of Defense has narrowed down the finalists for a cloud management contract valued at approximately ten billion dollars between Amazon and Microsoft. Seeing the strong similarities in Microsoft’s Azure and Amazon’s AWS regarding user interface and capabilities and considering it’s a contract with the Department of Defense — you better believe data security best practices are a top priority.
This whole debacle has brought many expert
opinions into the fray and the consensus is, basically, that nothing is
perfect. As you know, companies like Amazon and Microsoft have top-level talent
when it comes to cloud security management, engineers, and architects, but for
each person working tirelessly to protect your data, there is likely someone on
the same skill level trying to access secure data illegally. This is the world
we live in. One in which many thefts have shifted from breaking and entering to
a digital data heist. Thus, when it comes to who is responsible for protecting
your data, it falls away from the cloud providers and onto the shoulders of the
clients and how they set up their data configurations and encryption protocols.
The challenge with configuration falling to
the cloud service client relates to the default setting. For AWS, the default
was originally set to “public” (though now it is set to private). Thus, many
companies utilizing this software did not properly adjust default settings,
which left their data storage buckets publicly accessible and searchable on the
Should AWS be to blame for this? Or does this fall on the shoulders of the client who “didn’t read the fine print”? This modern conundrum is akin to something business owners and operators have known for a long time: the competition is always looking for an edge. Now, we could spend countless hours discussing ethics and morality in the world of big data and business intelligence, but we’ll save that for another time. The takeaway here is that when it comes to protecting both your personal data as well as that of your clients, you need to hold yourself and your company as accountable as you would any cloud service provider.
Copyright © 2020 Next Pathway Inc. All rights reserved.SHIFT™ is an existing, applied for or registered trademark of Next Pathway Inc.