Dive Brief:
- Amazon is facing additional scrutiny for the Capital One data breach revealed in July after Senators Ron Wyden, D-Ore., and Elizabeth Warren, D-Mass., called for the Federal Trade Commission to open an investigation into the incident on Thursday. Their inquiry concerns whether Amazon Web Services' "failure to secure" servers used by Capital One "violated federal law," according to a letter sent to Joseph Simons, chairman of the FTC.
- The attacker accessed the information of 106 million individuals from the U.S. and Canada using a "server-side request forgery" (SSRF) attack, according to the letter. While cloud offerings from Google and Microsoft include "mandatory protections against SSRF attacks," AWS does not. Because of its failure to defend against SSRF attacks, "Amazon shares some responsibility for the theft of data on 100 million Capital One customers."
- The letter also says AWS has been aware of the SSRF vulnerability since a cybersecurity researcher made a "high-profile demonstration" in 2014. A third-party researcher also notified AWS of the vulnerability in August 2018 and recommended it adopt precautions similar to those of Google and Microsoft.
Dive Insight:
The request for an FTC investigation follows up on an August letter from Wyden to AWS asking about the nature of the attack. In response to the attack, AWS CISO Stephen Schmidt said the company would "err on the side of over-communication" and proactively scan customers' environments for security weaknesses to guard against such mishaps.
The configurations Capital One struggled with are its own responsibility to secure under the "shared responsibility model" that companies accept when they use cloud vendor services.
It's the difference between the security of the cloud vs. security in the cloud. Vendors make the promise they will protect all underlying hardware, storage and software that makes the cloud tick. When customers engage with cloud services, they have to ensure access is locked down and data is effectively managed.
It's a theme for cloud customers. The services have a lot of moving parts and a simple misconfiguration can cause a PR nightmare.
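The letter does not describe the mechanism of the SSRF attack, but the customer side of the shared responsibility model includes making sure that a server which fetches URLs on a user's behalf cannot be steered at internal infrastructure. In cloud environments the most sensitive such target is the instance metadata endpoint, which lives at the link-local address 169.254.169.254 and hands out the credentials attached to the instance. The following destination check is an added example, not code from the article, from Capital One or from any cloud vendor's SDK: it resolves the requested host and refuses the fetch unless every resolved address is publicly routable, so that neither a literal link-local address, an IPv4-mapped IPv6 form of it, nor a hostname that resolves into private space gets through. The `ALLOWED_SCHEMES` set, the `check_destination` function and the injectable `resolve` parameter are assumptions introduced for the example.

```python
"""Destination check for a server-side URL fetcher, to limit the reach of SSRF.

Added example (not from the article or any vendor SDK). It assumes the fetcher
receives a user-influenced URL and must refuse to contact internal addresses,
including the cloud instance metadata endpoint at 169.254.169.254.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of URL schemes the fetcher is permitted to use.
ALLOWED_SCHEMES = {"http", "https"}


def _default_resolver(host):
    """Resolve host to a list of IP address strings with the system resolver.

    Numeric hosts resolve without any network access, so literal addresses
    in odd notations are normalised to a canonical form before being judged.
    """
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # sockaddr[0] is the address; strip an IPv6 scope suffix such as "%eth0".
    return [info[4][0].split("%")[0] for info in infos]


def _is_public_address(addr):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918 / ULA private space, link-local (where the
    cloud metadata service lives), multicast, unspecified and reserved
    ranges. IPv4-mapped IPv6 addresses are unwrapped first, so that
    ::ffff:169.254.169.254 is judged as 169.254.169.254.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_unspecified or ip.is_reserved):
        return False
    return ip.is_global


def check_destination(url, resolve=_default_resolver):
    """Return (ok, reason); ok is True only if every resolved address is public.

    `resolve` is injectable so the check can be exercised without DNS.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    try:
        addrs = resolve(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    # Every address must pass: a host that resolves to one public and one
    # internal address is refused, because the OS may connect to either.
    for addr in addrs:
        if not _is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the fake resolver stands in for DNS.
    samples = [
        ("http://169.254.169.254/latest/meta-data/", _default_resolver),
        ("http://files.example/report", lambda h: ["::ffff:169.254.169.254"]),
        ("http://files.example/report", lambda h: ["1.1.1.1", "10.0.0.5"]),
        ("https://files.example/report", lambda h: ["1.1.1.1"]),
        ("file:///etc/hosts", _default_resolver),
    ]
    for sample_url, resolver in samples:
        print(sample_url, check_destination(sample_url, resolve=resolver))
```

Two caveats belong with a check like this. The fetch itself must not follow redirects automatically, since a public host can redirect to an internal address; each hop has to be re-checked. And because the connection is opened after the check, a hostname whose DNS answer changes between the two steps (DNS rebinding) can slip past; connecting to the already-validated IP address rather than re-resolving the name closes that gap.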
AWS is by far the dominant cloud provider, accounting for 47.8% of the IaaS public cloud market share in 2018. Because of its role in the market, it draws attention with even the slightest service hiccup.
The segment is a cash cow for Amazon, bringing in $8.9 billion in Q3 2019, growing 35% year-over-year, the company announced Thursday. While it pales next to Amazon's North America segment, which brought in $42.6 billion in Q3, AWS pulls in a larger operating income.
AWS had $2.3 billion in operating income in Q3; Amazon's North America earned $1.3 billion.
Even with the potential for an investigation, AWS customers are still growing their usage, which allows the segment to grow even as AWS reduces prices. There is also more room for adoption. Forrester research shows just one-fifth of enterprise applications run in the cloud.