Dive Brief:
- Capital One is still "all in" on its cloud computing strategy, CFO Scott Blackley said Tuesday at an investor conference in New York. The comments mirror those made by Bernard Golden, the bank’s vice president of cloud strategy, last November, months before the data breach that exposed 106 million customers’ personal data.
-
The company is continuing with its plan to shut down all of its data centers by the end of next year, Blackley said.
- "We don't start using a service just because it's announced and it's cool," Golden told TechRepublic after November's Amazon Web Services re:Invent conference. Capital One is adopting the public cloud through Amazon Web Services. "We start using it when we are sure we can meet security and other commitments we have internally."
Dive Insight:
A number of firms opt for a private cloud, where assets are protected by internal firewalls.
Capital One chose a public cloud strategy because its vendor, AWS, could update security technology far faster than a financial services company. The move allowed Capital One to focus on consolidating its data centers and rewriting applications for a cloud-native environment.
Lauren Nelson, a principal analyst at Forrester, called Capital One's 2015 shift toward a public cloud a "bold claim in the market." Not many companies take that type of migration approach today, and "none of those are financial services companies," Nelson told CIO Dive earlier this year.
"We are comfortable that our journey to the cloud continues to be the right strategic move for the company," Blackley said Tuesday. Capital One will need to improve its cyber defenses and has retained outside experts to help conduct an internal review, he added.
Paige Thompson, a former Amazon Web Services employee, has pleaded not guilty to charges of computer fraud and abuse in the breach that was publicized in July. An improperly configured firewall allegedly allowed Thompson to access Capital One customers' data.
U.S. prosecutors have implicated Thompson in breaches at more than 30 other "victim companies," according to court documents.
"While this incident was regrettable, I do think that we’re going to find that we have a number of learnings that are going to make us a stronger and safer environment for data in the future," Blackley said. The "vulnerability" exposed by the breach would still have been a risk if the customer data was held at data centers.
Capital One's position that it's "all in" on its cloud strategy has served as somewhat of a company mantra.
Still, other financial services executives are advocating a more risk-averse approach.
Discover Financial Services CEO Roger Hochschild said Monday at the investor conference that his company is adopting a "hybrid" cloud solution, according to American Banker.
"I think we might be a little more cautious than some others in terms of our overall architecture," he said.