Shortly after news of a data breach at Capital One came out, I received a call from Timothy Eades, chief executive of vArmour, a startup that helps companies manage security across so-called public and private clouds. He sounded exasperated.
“Everyone has been deaf, dumb, and blind moving to the cloud. They think it’s safe, convenient, easy—that they’ve moved to the happy place,” Eades told me. The point he stressed: Even after a company taps into the cloud—that buzzy nickname for the remotely managed computing resources offered by the likes of Amazon, Microsoft, Google, and others—it retains responsibilities. IT professionals cannot wipe their hands of infrastructure upkeep concerns completely.
Following that call, I wrote a piece for the latest issue of Fortune, published online this morning, which asks, “After the Capital One Breach, Should Big Business Fear the Public Cloud?” Generally, as just about every cybersecurity expert I spoke to underscored, the answer is, No.
The advantages of the cloud are simply too compelling. Businesses can tap the on-demand storage and computing resources they need when they need, thereby reducing waste. Dedicated, crack teams take care of most patching and software updates. The cloud is undeniably convenient and, more importantly, better in terms of security than what the majority of companies can achieve alone.
Don’t take it from me—take it from a practitioner. “People have been suggesting that there’s something inherently bad about cloud infrastructure and I, frankly, think it’s just the opposite,” Edward Amoroso, the former chief security officer of AT&T, told me. (The telecom giant, it must be noted, knows a thing or two about managing complex IT systems.)
Even Capital One attributes its ability to recover quickly from its breach to its embracement of the cloud. As Sie Soheili, a Capital One spokesperson, emphasized in bolded text in an email to me: “The speed with which we were able to diagnose and fix this vulnerability, and determine its effect, was enabled by our cloud operating model.”
I wondered, upon reading that statement, whether Capital One had no other choice but to double down on a cloud endorsement, given how far down the rabbit hole it has ventured since it began its IT migration five years ago. (On an earnings call earlier this year, CEO Richard Fairbank said he planned to eliminate the last of the bank’s data centers in favor of the cloud by 2020.) But even that default posture of journalistic skepticism cannot counter the truth: Moving some portion of one’s operations to the cloud is no cybersecurity panacea, but it is, in most cases, an obvious boon.
Robert Hackett | @rhhackett | robert.hackett@fortune.com