author photo
By Clare O’Gara
Thu | Aug 22, 2019 | 10:57 AM PDT

It’s the battle against misconfigured security settings in the cloud.

U.S. Senator Ron Wyden, D-OR, had a few questions for Amazon Web Services about the Capital One data breach. Especially because the Department of Defense is considering AWS for a $10 billion JEDI cloud contract.

The AWS response sent an overwhelming message to Congress and revealed new steps the company is taking when it comes to cloud security.

What Amazon Web Services says about the Capital One breach

AWS explained its perspective on the vulnerability exploited during the incident:

"After gaining access through the misconfigured firewall and having broader permissions to access resources, we believe a Server-Side Request Forgery was used."

AWS says that, because the web application firewall (WAF) wasn't configured properly, this "front door" to resources gave the attacker access.

But it reassured Senator Wyden that it "gives clear guidance" on how to protect its systems from SSRF and develop a strong firewall.

Of the Capital One breach, AWS said: "Sometimes humans make mistakes."

What AWS is doing for cloud security: a three-step plan

At the end of the letter, AWS introduced three measures it will implement to improve security in the cloud on its services:

  1. "We will proactively scan the public IP space for our customers' firewall resources to try to assess whether they may have misconfigurations."
  2. "We will redouble our efforts to help customers set the least permissive permissions possible."
  3. "We will push harder to make our anomaly detection services more broadly adopted and accessible in every geographic region in which we operate."

Cloud security is one of the hottest topics in cybersecurity right now, and it's on the agenda at each of our SecureWorld conferences this fall.

You can check out the full letter from AWS here.